Application Security



Top Stories by Application Security

Its death came furiously and quick, like an earthquake shaking the carefully constructed buzzword tower engineered by Enterprise software marketers around the world. Anne Thomas Manes proclaimed the death of SOA back in 2009 in her seminal blog “SOA is dead; Long Live Services.” Yet here we are in late 2013, over four years later, still wrestling with this undead terminology. We have analysts publishing new reports referencing SOA, popular blogs with references to the dreaded “SOA-saurus” and we have companies with SOA in their name (still), and while #SOA now denotes the hash-tag for the popular show “Sons of Anarchy” there was in fact a time when this term was heralded. With all of the recent activity and ‘fire’ in the API Management, let’s resolve to engulf and bury SOA once and for all. SOA is Still Dead SOA promised to be the goose that laid a golden egg fo... (more)

Enterprise APIs and OAuth: Have it All

Enterprises often frustrate developers. Why do Enterprises always seem so behind when it comes to the very latest technology? In particular, a trend we are seeing is the continued struggle to marry Enterprise authentication with the burgeoning world of REST APIs. Developers want to use REST, but Enterprises need enterprise grade API security. We think this problem will only worsen as Enterprises continue their rapid adoption of APIs. It seems clear that SOAP, while capable of Enterprise grade authentication through X.509 and SAML, will be left behind as the “Skinny jeans Faceboo... (more)

How to Secure Hadoop Without Touching It

It sounds like a parlor trick, but one of the benefits of API centric de-facto standards such as REST and JSON is they allow relatively seamless communication between software systems. This makes it possible to combine technologies to instantly bring out new capabilities. In particular I want to talk about how an API Gateway can improve the security posture of a Hadoop installation without having to actually modify Hadoop itself. Sounds too good to be true? Read on. Hadoop and RESTful APIs Hadoop is mostly a behind the firewall affair, and APIs are generally used for exposing da... (more)

From ESBs to API Portals, an Evolutionary Journey | Part 2

In this article series we would like to build a case that API portals, of which the Intel® API Manager and Intel® Expressway Service Gateway, powered by Mashery, are representative examples, are the contemporary manifestations of the SOA movement that transformed IT in the early 2000s from IT as a cost center to an equal partner in a company’s execution of a business strategy and revenue generation. In the introductory article in Part 1 we discussed some of the business dynamics that led to cloud computing and the service paradigm. Let’s now take a closer look at the SOA transf... (more)

New PCI DSS Cloud Computing Guidelines – Are You Compliant?

This month the Cloud SIG of the PCI Security Standards Council released supplemental guidelines covering cloud computing. We’re happy to see APIs included as a recognized attack surface. As this document makes clear, responsibility for compliance for cloud-hosted data and services is shared between the client and the provider. API providers moving to the cloud should pay close attention to this document: Section 6.5.5 covers Security of Interfaces and APIs, while Appendix D covers implementation considerations that include API-related topics. For cloud-hosted systems, an API ... (more)