
Application Security



Latest Blogs from Application Security
Expressway Heartbleed Update: I wanted to send out a quick update on our progress in addressing the Heartbleed vulnerability. On April 7th an OpenSSL advisory was published that identified the “heartbleed” bug, identified as (CVE-2014-0160). As soon as the news …
- By Andy Thurai (@AndyThurai) and Blake Dournaee (@Dournaee). This article was originally published on Gigaom. Summary: Enterprises seeking agility are turning to the cloud while those concerned about security are holding tight to their legacy, on-premise hardware. But what …
Once More Into the Breach… Less than a month after the Target credit card breach another significant data theft is in the news. This week’s victim is Snapchat, the popular photo sharing social network. Gibson Security announced the weakness, with some solid …
When ATOS, a big corporate conglomerate (EUR 8.8 billion and 77,100 employees in 52 countries), decided that they wanted to become the dominant Digital Service Provider (DSP) for payments, they had a clear mandate on what they wanted to do. …
40 million card numbers stolen. Will your firm be the next target? News broke last week that a major retailer was the victim of a massive theft of customer credit card data, in what is becoming an all too common cadence of data breaches.  Thieves made off with not just the credit card ...
Data analytics solutions seem as varied as the data they analyze. However, Expressway users have found tremendous success extending its built-in API Analytics capabilities with those of Splunk’s – a recognized 2013 Gartner Magic Quadrant Leader for Security Information and Event Manag...
Last week I was at the HTML5 developer conference and then spent the remainder of the week at the API Strategy Conference in San Francisco. All of the keynotes and presentations were great and I think everyone enjoyed a new, …
It's not every day that you hear about a software project on public media, but NPR and other public outlets are covering the troubled rollout of the Healthcare.gov website nearly hourly. As a software professional, the problems I was hearing about are common in a large software projec...
This article originally appeared on ProgrammableWeb. There has been so much talk about APIs and how they add additional revenue channels, create brand new partnerships, allow business partners to integrate with ease, and how they help with promoting your brand. …
Why should you think of API management as a platform? Because it’s becoming one of the most prodigious and important aspects of how Enterprises of all sizes participate in the digital economy. Keeping in line with the standard platform technology definition, …
Intel has recently been gaining some chops in API Management. Expressway API Manager has been out a while now and we acquired Mashery and Aepona this year. Mashery you will (or should) know but Aepona, you may not have heard of. …
POC Requirements – Token Authentication and Mapping: Often times in sales engineering I get “tunnel-vision”, focusing so much of my efforts on just meeting the requirements of a proof-of-concept (POC) that I fail to fully appreciate the true value Expressway …
What do Dr. Henry McCoy and large Enterprises have in common? They can both be brilliant at what they do and be a veritable beast to manage. Enterprise complexity and legacy debt can hamstring an organization trying to move to …
Instant API Management with Intel and Amazon Did you know you can get started with Intel Expressway API Manager on AWS Marketplace today with only a few clicks? You can have instant API Management and enhanced EC2 security for applications and services exposed from public or hybrid clo...
A fundamental premise of the Internet of Things (IoT) is the recognition of a certain human weakness. Humans are poor data collectors. We are poor fact collectors. We are poor sensors. Our senses fail us, we make mistakes, and we misremember. Research in Psychology shows that our brai...
Hey, that’s my personal cloud! You didn’t know you had a personal cloud did you? I was a bit shocked myself. Well, we might not all have a personal cloud yet, but Rackspace’s Robert Scoble gave an intriguing keynote talk today at Dataweek 2013 on what he calls the age...
With McAfee Focus underway this week I wanted to revisit security, risk and compliance in the context of providing Bulletproof API management. So what does it take? There is some prevailing wisdom out there that security for APIs and API …
It has been several years since Gartner first made their prediction that Citizen Developers will create at least 25% of business applications by 2014. We have quite a few of these at Intel, and I recently shared one of my …
APIs are big news this week for the federal government. First we have the former U.S. CTO calling on APIs as a means to accelerate data sharing across agencies, and second we have a preview from NPR of what it might be like to actually sign-up for “Obamacare” insurance on O...
Here is a free lesson to start-up companies trying to position their products for large scale Enterprises: plain and simple, your products need to support multitenancy. The largest enterprises are diversified, and with the increased adoption of APIs, multiple departments …
Securosis has a new analyst report out called “API Gateways: Where Security Enables Innovation”. The paper describes how API gateways simultaneously enable security and software development. It shows how security can be enforced practically, without becoming an impediment...
Its death came furiously and quick, like an earthquake shaking the carefully constructed buzzword tower engineered by Enterprise software marketers around the world. Anne Thomas Manes proclaimed the death of SOA back in 2009 in her seminal blog “SOA is dead; Long …
De-identifying Data in APIs: I was catching up on my RSS feeds over the weekend, reading all the things I missed while I was at IDF, when I saw this great post from Kin Lane calling for “A Masking, Scrubbing, …
The API Economy is launched and it’s not too late to join in the fun. According to Pew Research, 91% of American adults have a cell phone and 34% of American adults own a tablet computer. The proliferation of mobile devices …
I am very excited to be speaking alongside Andreas Constantinou from VisionMobile next week in a joint webinar entitled “Connect Enterprise APIs to Mobile Application Development.” We’ll be talking about the explosion of mobile application development tools and the co...
My colleague Blake posted yesterday with a response to Daniel Jacobson’s thought-provoking post, “Why you probably don’t need an API strategy”.  Blake spells out some pretty clear reasons why you do need an API strategy and outlines some of the different things ...
I thoroughly enjoyed Daniel Jacobson’s talk at Intel Mashery’s BAPI this year and have shamelessly borrowed a quote from one of his slides as a permanent fixture to my Outlook signature: It takes nearly three years of public API requests …
We just don’t talk enough about the intersection of APIs and mobile middleware, but they really are a match made in heaven. APIs are the prevailing interface model, mobile middleware provides the Enterprise grade security and scalability, and HTML5 keeps mobile fragmentation costs at b...
Last week I (along with many other Intel Employees and customers) attended the Intel Developer Forum at the Moscone Center in San Francisco. I was impressed with the range of mobile application development tools showcased, along with the new devices …
It’s an exciting week in API Management with both Intel’s #IDF13 and Business of APIs conference. Most notably was John Musser’s presentation, specifically API Secret #5, which is “Internal Use may be the biggest API use case” I couldn’t agree more. ...
Eric Knipp’s fantastic post (Don’t let API Management Wag the Dog) on cautioning clients on selecting a strategy prior to jumping in with an API Management vendor was excellent. It seems that many of the popular API management vendors are doing a great job of marketing, so much so that...
According to Gartner, API Management + SOA Governance = Application Services Governance.  This year’s Magic Quadrant reflects that change, updating the title as well as some of the participants.  It has been nearly two years since Gartner’s final “SOA Governance”...
- By Andy Thurai (Twitter: @AndyThurai) This article originally appeared on PandoDaily. Looks like Obama read my blog! The White House got the message. Politicians now seem to understand that while they are trying to do things to save the country, such as creating NSA programs, they c...
Do you want to learn what “API surfacing” is? Do you know how to create low-touch, completely automated APIs that can convert you from existing enterprise orientedness (or being a SOA-saurus) to a more agile, API enabled architecture? Learn how …
The Intel Developer Forum (IDF) is coming up in a few weeks, and it’s shaping up to be a great event. Mobile will be a key focus of this year’s IDF, and as you might imagine API management and HTML5 will …
API Management and Internet of Things   API Management is more relevant than ever with the explosive growth of internet connectivity.  The Internet of Things (IoT) is following close on the heels of the mobile market expansion. IoT refers to uniquely identifiable objects and the...
The cloud holds enormous promise for improving agility, availability, and cost for app deployments. Amazon’s EC2 is especially attractive given the investments they have made in building out capacity around the world, allowing apps to be deployed where they are being used, minimizing l...
Tokenization. It’s not just for PCI anymore. As enterprises migrate to the cloud for improved cost and efficiency, data is being put at risk. A recent scan of Amazon S3 buckets showed a treasure trove of sensitive information being stored …
Make an app! Hack something! Innovate through APIs! Have you ever wondered where APIs come from? Sure they provide tremendous value, but how does an Enterprise or organization publish a scalable, reliable and secure API that can effectively “bridge” the …
I had a speaking opportunity at QCON in Big Apple last week. As usual Big Data and Mobility were the dominating topics in this conference. Surprisingly, there was a strong html5 presence as well. At least ten presentations (including mine) were …