Welcome!

Application Security

Subscribe to Application Security: eMailAlertsEmail Alerts
Get Application Security via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Application Security

Enterprises often frustrate developers. Why do Enterprises always seem so behind when it comes to the very latest technology? In particular, a trend we are seeing is the continued struggle to marry Enterprise authentication with the burgeoning world of REST APIs. Developers want to use REST, but Enterprises need enterprise grade API security. We think this problem will only worsen as Enterprises continue their rapid adoption of APIs. It seems clear that SOAP, while capable of Enterprise grade authentication through X.509 and SAML, will be left behind as the “Skinny jeans Facebook generation” puts the final nail in SOAP’s coffin. The Dilemma Among our own customers and the stories we’ve heard, Enterprises are left with a dilemma with four horns concerning the protection of REST APIs: (a) Use mutual authentication with client-side SSL (b) Use HTTP authentication (passwo... (more)

How to Secure Hadoop Without Touching It

It sounds like a parlor trick, but one of the benefits of API centric de-facto standards  such as REST and JSON is they allow relatively seamless communication between software systems. This makes it possible to combine technologies to instantly bring out new capabilities. In particular I want to talk about how an API Gateway can improve the security posture of a Hadoop installation without having to actually modify Hadoop itself. Sounds too good to be true? Read on. Hadoop and RESTful APIs Hadoop is mostly a behind the firewall affair, and APIs are generally used for exposing da... (more)

From ESBs to API Portals, an Evolutionary Journey | Part 2

In this article series we would like to build a case that API portals, with the Intel® API Manager and Intel® Expressway Service Gateway, powered by Mashery are representative examples, are the contemporary manifestations of the SOA movement that transformed IT in the early 2000s from IT as a cost center to an equal partner in a company’s  execution of a business strategy and revenue generation.  In the introductory article in Part 1 we discussed some of the business dynamics that led to cloud computing and the service  paradigm.  Let’s now take a closer look  at the SOA transf... (more)

New PCI DSS Cloud Computing Guidelines – Are You Compliant?

This month the Cloud SIG of the PCI Security Standards Council released supplemental guidelines covering cloud computing. We’re happy to see APIs included as a recognized attack surface.  As this document makes clear, responsibility for compliance for cloud-hosted data and services is shared between the client and the provider.  API providers moving to the cloud should pay close attention to this document:  Section 6.5.5 covers Security of Interfaces and APIs, while Appendix D covers implementation considerations that include API-related topics.  For cloud-hosted systems, an API ... (more)

Custom API Analytics with Expressway and Splunk

Splunk – An Ancillary Source of API Analytics Data analytics solutions seem as varied as the data they analyze. However, Expressway users have found tremendous success extending it’s built in API Analytics capabilities with those of Splunk’s – a recognized 2013 Gartner Magic Quadrant Leader for Security Information and Event Management. Intel distributes a free Splunk Application that ingests Expressway’s transactional logs. The application provides in depth dashboards and metrics of message transactions & system utilization. Recently, one of my customers wanted an alternate way ... (more)