Blog

Protecting Against OAuth Hacks

By | Date posted: November 18, 2016

In the latest reported OAuth 2.0 hack, covered under the title “One OAuth 2.0 hack, 1 Billion Android App Accounts potentially exposed”, it has been discovered that:

“…A remote simple hack devised by a group of security researchers threatens an amazing number of Android and iOS apps. An attacker can use the technique to sign into any victim’s mobile app account without any knowledge of the legitimate user…”


Why API Management Caught Google’s Eye

By | Date posted: October 27, 2016

Anytime one of the world’s largest and most innovative brands puts more than a half-billion dollars into an M&A deal, the market sits up and takes notice. But, when the deal involves one of the key players in the API Management space, well, it takes on an added significance.

It has been a little more than a month since Apigee announced its acquisition by Google for $625 million. What does the event mean to the broader industry – for us here at Forum Systems?


SAML SSO 5 Security Check Points

By | Date posted: August 1, 2016

Security Assertion Markup Language, or SAML, provides numerous benefits to enterprises, organizations and governments. One of its greatest assets is Single Sign-On (SSO), the ability to enable users to securely access multiple applications with a single set of credentials, entered once. With SAML, users and organizations can conduct business faster and more efficiently by seamlessly accessing multiple applications on the same domain or on multiple domains.

Establishing Identity Federation: Combining Identity With Data Security

By | Date posted: July 7, 2016

Identity Federation – Internal and External Services, Internal and External Users

Establishing an identity and trust solution among computing systems in a network ecosystem is not new to information technology. What is new is the number of factors enterprises must consider when finding and implementing a seamless solution that leverages access not only to existing identity repositories and legacy systems but also to the growing number of services moving to the cloud.

Implementing Identity and Access Control? Don’t Forget the Data!

By | Date posted: May 19, 2016

Last week's European Identity and Cloud conference (EIC), hosted by KuppingerCole in Munich, Germany, proved to be the start of a week full of conversations focusing on the questions and challenges surrounding identity. Conversations around terms and phrases such as “Centralized Identity”, “Hybrid-Cloud” and the latest hot topic of “Blockchain” filled the hall and exhibition center, but the one conversation binding them all was “Security”: more specifically, how to secure the actual data that identities are communicating without complicating the business process.

GCN Industry Insight: How to secure the API-enabled enterprise

By | Date posted: March 24, 2016

In this article, Jason Macy, CTO of Forum Systems, highlights how classic cyber security falls short when agencies and corporations deploy APIs. Classic cyber security deployments are blind to API traffic content and patterns, and they require a comprehensive API security management strategy, which this article helps define.

Application programming interfaces are at the forefront of today’s technology innovations. They allow mobile applications, cloud computing and legacy systems to abstract infrastructure applications and services from the integration points that they serve. API architectures deliver the rapid innovation and agile development that have transformed both corporate and government IT architectures. But despite APIs’ ubiquity and unquestioned business value, from a security standpoint they are often overlooked and under-protected.


Content-Based Access Control: Three Areas of Consideration

By | Date posted: November 16, 2015

In an API economy, content-based access control (CBAC) grants or denies a customer's request based on the content that is sent. In most cases content-based access control is used along with identity processing, but it can be used on its own for granting or denying API requests by identifying threats, verifying signatures or validating the structure of the content and messages being sent.


Authentication and Authorization: Reducing The Risk While Still Enabling Collaboration

By | Date posted: September 14, 2015

At the World Economic Forum held in Davos, Switzerland, last January, Cisco CEO John Chambers warned, “The number of security incidents this year will be exponentially greater than last year”. If Mr. Chambers’ words did not raise a big red flag with all developers, then the events of the past few months should. Not only are such incidents more common, they are becoming more disruptive.
