Application Security


Top Stories by Application Security

Let’s face it, APIs are hot. They engender community by enabling third-party developers, they allow Enterprises to expose existing content and services in new ways, and they provide a way to deliver brand new products and services. If you haven’t seen the statistics, API traffic is now on the same order of magnitude as web traffic, and it just keeps growing. Further, platforms such as Ruby on Rails make it easy to expose REST-based services by returning different formats (such as XML or JSON) for existing services initially designed for a web browser. When an Enterprise exposes an API, they are really exposing a back-end function call intended to return some useful data. In the case of REST, the data returned is an XML or JSON representation of a server object. In the case of SOAP, it is an XML payload or possibly a MIME attachment. Most Enterprises assume that as l... (more)

Who’s a SOAsaurus?

The phrase “Don’t be a SOAsaurus” is being bandied about on Twitter and the like, and it got me thinking about using that particular analogy to describe SOA Web Services practices and contrast them with the clever little RESTful API Service mammals that maybe saw off the big, ugly lizards. Before getting into computing I did spend some time in Geology, so I’m coming at this argument from a slightly odd standpoint. For any Geologists reading, I was structural, ophiolites and terrain docking. We used to look down on this palaeontology stuff and everyone looked down on the geophysicists.... (more)

From ESBs to API Portals, an Evolutionary Journey | Part 2

In this article series we would like to build a case that API portals, of which the Intel® API Manager and Intel® Expressway Service Gateway powered by Mashery are representative examples, are the contemporary manifestations of the SOA movement that transformed IT in the early 2000s from IT as a cost center to an equal partner in a company’s execution of a business strategy and revenue generation. In the introductory article in Part 1 we discussed some of the business dynamics that led to cloud computing and the service paradigm. Let’s now take a closer look at the SOA transf... (more)

Cloud-Aware Tokenization: Helping to Build PCI-Compliant Applications in the Cloud

Last year the Open Data Center Alliance published an excellent whitepaper that defined the concept of “cloud-aware” applications. The ODCA paper sets forth the following recommendations:

1. Everything is a Service
2. Use RESTful APIs
3. Separate Compute and Persistence
4. Design for Failure
5. Architect for Resilience
6. Operationalize Everything
7. Security at Every Layer

I will likely revisit these concepts in future posts, but in this post I want to highlight how our multi-datacenter tokenization function can help to build PCI-compliant applications that are cloud-aware, hitting points 4, 5, and... (more)

Be Your Own Broker: An Enterprise Perspective using API Management

Kin Lane has started tracking what he calls API Brokers over at API Evangelist. This quote illustrates the promise of API brokerage: I envision other new API brokers emerging, in niche areas like images, video or messaging. Imagine if you could use Twilio, Tropo or other SMS API provider, but use through a broker who will give you the best availability and costs based upon various needs. This type of API aggregation is not meant for providing users with access to multiple cloud silos via APIs, it is more about brokering API resources and establishing a marketplace. This really re... (more)