Application Security



Top Stories by Application Security

We just don’t talk enough about the intersection of APIs and mobile middleware, but they really are a match made in heaven. APIs are the prevailing interface model, mobile middleware provides the Enterprise grade security and scalability, and HTML5 keeps mobile fragmentation costs at bay. It all came together last week at IDF 2013. Here is a picture of the demo pod rocking a full end-to-end demo with Expressway API Manager. [Image: Expressway API and Mobile Middleware Demo @ IDF2013] The use case was a conference room booking demo which helps large Enterprises (like Intel) optimize the use of physical space for meetings and collaboration. Expressway provided the governance, mediation and security layer by taking XML and JSON room sensor data and optimizing it for mobile devices through caching and compression. Further, rather than worry too much about sensitive information l... (more)

Hadoop Security: Internal or External? Why Not Both!?

I saw a conversation today on Twitter that asked why we don’t just embed proper security into Hadoop instead of suggesting the API gateway approach to Hadoop security that my colleague Blake proposed.  The same could be asked about any number of applications and services, but the bottom line is that we believe that a two-pronged approach is best. Internally, we have dramatically improved Hadoop’s security capabilities via Project Rhino.  This enables best security practices like encryption at rest, which cannot be implemented anywhere else.  We are also working to standardize th... (more)

The Grinch Who Stole Christmas for Target’s Brand and Customers

40 million card numbers stolen. Will your firm be the next target? News broke last week that a major retailer was the victim of a massive theft of customer credit card data, in what is becoming an all too common cadence of data breaches.  Thieves made off with not just the credit card numbers, but also the CVV and expiration dates.  If you listen closely, you can probably hear the machines printing up counterfeit cards.  At this point there has been no precise confirmation of the attack vector used to collect the data – and the gory details may never be known, absent some governme... (more)

Intel(R) Expressway Service Gateway – Heartbleed Security Update

Expressway Heartbleed Update I wanted to send out a quick update on our progress in addressing the Heartbleed vulnerability. On April 7th an OpenSSL advisory was published that identified the “heartbleed” bug, identified as (CVE-2014-0160). As soon as the news was available, the Expressway engineering team began a rapid investigation to determine which versions of Expressway Service Gateway and Expressway Tokenization Broker might be affected. By 9PM CDT on April 9th patches were made available and published along with a customer notification for the most widely deployed Express... (more)

Enterprise APIs and OAuth: Have it All

Enterprises often frustrate developers. Why do Enterprises always seem so behind when it comes to the very latest technology? In particular, a trend we are seeing is the continued struggle to marry Enterprise authentication with the burgeoning world of REST APIs. Developers want to use REST, but Enterprises need enterprise grade API security. We think this problem will only worsen as Enterprises continue their rapid adoption of APIs. It seems clear that SOAP, while capable of Enterprise grade authentication through X.509 and SAML, will be left behind as the “Skinny jeans Faceboo... (more)