August 2017

API Security – Taking the plunge

By | Date posted: August 10, 2017

Dear Readers:

Forum Systems and the security community need your help in raising awareness about API Security. Forum Systems has been at the forefront of API Security for over 16 years. Our relentless efforts in educating IT professionals on how best to expose their IT assets securely via APIs has paid off with API Security being recognized by OWASP Top 10 2017.

OWASP has finally dipped its toes into the API Security waters. The API waters run deep and can sink every enterprise IT component with security vulnerabilities that impact network devices, load balancers, application servers, ESBs, databases and even legacy mainframe systems. No component is immune since almost all components expose their functionality via APIs.

It is for this reason we are asking your help in reinforcing the need for API Security.

The OWASP 2017 RC1 includes A10 – Unprotected APIs. We believe that A10 should be ratified in the OWASP Top 10 2017 to ensure that API vulnerabilities are actively addressed by the security community.

You can help ratify A-10 in OWASP 2017 by:

For example, see the excellent and very polite discussion on the emphasizing XXE.

Thank you for efforts, we look forward to continuing our work with security thought leaders and the API community in making enterprise and cloud APIs secure.

-Forum Systems

API Security and OWASP Top 10

By | Date posted: August 7, 2017

API Security and OWASP Top 10 are not strangers. Many years ago (circa 2009), we presented our test results on Techniques in Attacking and Defending XML/Web Services. Fast forward to 2017, OWASP has recognized API Security as a primary security concern by adding it as A10 – unprotected APIs to its list of top 10 vulnerabilities facing web applications. Forum Systems has been at the center of building solutions that address API Security and looks forward to further working with security thought leaders in making enterprise and cloud APIs secure.

API-Security
Read more