Application Security

Subscribe to Application Security: eMailAlertsEmail Alerts
Get Application Security: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Application Security

We just don’t talk enough about the intersection of APIs and mobile middleware, but they really are a match made in heaven. APIs are the prevailing interface model, mobile middleware provides the Enterprise grade security and scalability, and HTML5 keeps mobile fragmentation costs at bay. It all came together last week at IDF 2013. Here is a picture of the demo pod rocking a full end-to-end demo with Expressway API Manager. Expressway API and Mobile Middleware Demo @ IDF2013 The use case was a conference room booking demo which helps large Enterprises (like Intel) optimize the use of physical space for meetings and collaboration. Expressway provided the governance, mediation and security layer by taking XML and JSON room sensor data and optimizing it for mobile devices through caching and compression. Further, rather than worry too much about sensitive information l... (more)

Intel® SOA Expressway as Secure Token Service for Lightweight Clients

Most of you are familiar with deploying Intel® SOA Expressway as a xml gateway for protecting your SOAP and REST services. I wanted to blog about another very interesting use case where SOA Expressway acts as a Secure Token Service (STS) for a lightweight client requestor. While a formal STS generally assumes WS-Trust aware clients and SOAE can support that, this need not be the case and imposes additional requirements on a lightweight client. Instead of a formal WS-Trust request, the client can pass a simple credential in the form of a username/password token and retrieve the p... (more)

Next Gen Enterprise API Architecture for Mobile

The Enterprise software industry has grown up around the standard three tier-architecture for web applications, which pioneered circa 1995. This architecture is ideal for web browsers, which have become the universal client of the Enterprise. With the introduction of Enterprise mobile applications, we are seeing new avenues for innovation, new user experiences and increased convenience. In some ways, however, we are rolling back the clock. Allow me to clarify: If we accept the premise that native mobile applications deliver the best functionality on disparate mobile platforms, w... (more)

How to Harden Your APIs by Andy Thurai

The market for APIs has experienced explosive growth in recent years, yet one of the major issues that providers still face is the protection and hardening of the APIs that they expose to users. In particular, when you are exposing APIs from a cloud based platform, this becomes very difficult to achieve given the various cloud provider constraints. In order to achieve this you would need a solution that can provide the hardening capabilities out of the box, but that still permits for customization of the granular settings to meet the solution need. Intel has such a solution and i... (more)

Elastic Scaling of APIs in the Cloud

As an Enterprise Architect for Intel IT, I worked with IT Engineering and our Software and Services group on the elastic scaling of the APIs that power the Intel AppUp® center. Our goal was to scale our APIs to at least 10x our baseline capacity (measured in transactions per second) by moving them to our private cloud, and ultimately to be able to connect to a public cloud provider for additional availability and scalability. Here’s a quick set of practices we used to achieve our goal: Virtualize everything.  This may seem obvious and is probably a no-op for new APIs, but in our... (more)