Welcome!

Application Security

Subscribe to Application Security: eMailAlertsEmail Alerts
Get Application Security via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Application Security

Here is a link to the API whitepaper produced by Dan Woods, Chief Analyst CITO Research (of API book fame); Blake Dournaee, Intel Product Manager; and yours truly.   I think it came out better than expected and has a foreword by John Musser of ProgrammableWeb (Guru in API space). Given that everything is moving to Cloud and Mobile, you might want to spend a few minutes to check out the best practices of developing, implementing, securing and managing your APIs properly regardless of whether you are thinking IasS, PaaS or SaaS. What makes us unique is the combination of McAfee security and Intel identity and performance as you can see in the paper. Intel API Whitepaper Download Link   Andy Thurai — Chief Architect & CTO, Application Security and Identity Products, Intel Andy Thurai is Chief Architect and CTO of Application Security and Identity Products with Intel... (more)

Enterprise APIs and OAuth: Have it All

Enterprises often frustrate developers. Why do Enterprises always seem so behind when it comes to the very latest technology? In particular, a trend we are seeing is the continued struggle to marry Enterprise authentication with the burgeoning world of REST APIs. Developers want to use REST, but Enterprises need enterprise grade API security. We think this problem will only worsen as Enterprises continue their rapid adoption of APIs. It seems clear that SOAP, while capable of Enterprise grade authentication through X.509 and SAML, will be left behind as the “Skinny jeans Faceboo... (more)

Elastic Scaling of APIs in the Cloud

As an Enterprise Architect for Intel IT, I worked with IT Engineering and our Software and Services group on the elastic scaling of the APIs that power the Intel AppUp® center. Our goal was to scale our APIs to at least 10x our baseline capacity (measured in transactions per second) by moving them to our private cloud, and ultimately to be able to connect to a public cloud provider for additional availability and scalability. Here’s a quick set of practices we used to achieve our goal: Virtualize everything.  This may seem obvious and is probably a no-op for new APIs, but in our... (more)

From ESBs to API Portals, an Evolutionary Journey | Part 2

In this article series we would like to build a case that API portals, with the Intel® API Manager and Intel® Expressway Service Gateway, powered by Mashery are representative examples, are the contemporary manifestations of the SOA movement that transformed IT in the early 2000s from IT as a cost center to an equal partner in a company’s  execution of a business strategy and revenue generation.  In the introductory article in Part 1 we discussed some of the business dynamics that led to cloud computing and the service  paradigm.  Let’s now take a closer look  at the SOA transf... (more)

Don’t be stupid, use (cloud) protection!

- By Andy Thurai (Twitter: @AndyThurai) This article originally appeared on PandoDaily. Looks like Obama read my blog! The White House got the message. Politicians now seem to understand that while they are trying to do things to save the country, such as creating NSA programs, they cannot do that at the cost of thriving and innovative businesses, especially cloud programs, which are in their infancy. Recently, Obama met with technology leaders from Apple, AT&T, Google and others behind closed doors to discuss this issue. While American initiatives, both federal and commercial, ar... (more)