Author Archives: Mamoon Yunus

Online LDAP Test Server

LDAP servers are a key infrastructure component for enforcing access control on APIs. We have provided an LDAP server with a few entries against which you can test your LDAP connectivity, binding and user credential authentication. …
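As an added example, not code from the original post and not Forum Systems' test-server material (its host, base DN and test accounts are not reproduced here), the Python below shows what the three things the post says you can test, connectivity, binding and credential authentication, look like on the wire. It hand-encodes the RFC 4511 BindRequest and BindResponse with the standard library only, so it runs offline against constructed messages; the `host`, `port`, `dn` and password in `authenticate()` are placeholders. One check is built in that a practitioner wants: a DN with an empty password is an unauthenticated bind under RFC 4513, which many servers answer with success, so the client refuses to send it rather than misreport a valid login.

```python
"""LDAP simple bind on the wire: stdlib-only encoder/decoder for the RFC 4511
BindRequest / BindResponse pair. Added example, not Forum Systems' code."""
import socket

# BER tags used by the bind exchange (X.690 and RFC 4511 section 4.2)
TAG_SEQUENCE = 0x30
TAG_INTEGER = 0x02
TAG_OCTET_STRING = 0x04
TAG_ENUMERATED = 0x0A
TAG_BIND_REQUEST = 0x60   # [APPLICATION 0], constructed
TAG_BIND_RESPONSE = 0x61  # [APPLICATION 1], constructed
TAG_SIMPLE_AUTH = 0x80    # AuthenticationChoice: simple [0], primitive

RESULT_SUCCESS = 0
RESULT_INVALID_CREDENTIALS = 49


def ber_length(n: int) -> bytes:
    """Definite-length encoding: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_length(len(value)) + value


def ber_int(tag: int, n: int) -> bytes:
    """Non-negative INTEGER/ENUMERATED; a leading 0x00 keeps the sign bit clear."""
    body = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return tlv(tag, body)


def encode_bind_request(message_id: int, dn: str, password: str) -> bytes:
    """Client side: LDAPMessage { messageID, BindRequest { 3, dn, simple password } }."""
    if dn and not password:
        # RFC 4513 section 5.1.2: name + empty password is an *unauthenticated* bind.
        # Servers that allow it answer with success, so a credential test would pass
        # for any existing DN. Refuse to send it rather than misreport a valid login.
        raise ValueError("refusing unauthenticated bind: DN supplied with empty password")
    bind = (ber_int(TAG_INTEGER, 3)                     # LDAP protocol version
            + tlv(TAG_OCTET_STRING, dn.encode())        # name (LDAPDN)
            + tlv(TAG_SIMPLE_AUTH, password.encode()))  # authentication: simple
    return tlv(TAG_SEQUENCE, ber_int(TAG_INTEGER, message_id) + tlv(TAG_BIND_REQUEST, bind))


def encode_bind_response(message_id: int, result_code: int, diagnostic: str = "") -> bytes:
    """Server side: LDAPMessage { messageID, BindResponse { resultCode, matchedDN, diag } }."""
    result = (ber_int(TAG_ENUMERATED, result_code)
              + tlv(TAG_OCTET_STRING, b"")              # matchedDN, empty for a bind
              + tlv(TAG_OCTET_STRING, diagnostic.encode()))
    return tlv(TAG_SEQUENCE, ber_int(TAG_INTEGER, message_id) + tlv(TAG_BIND_RESPONSE, result))


def read_tlv(buf: bytes, pos: int) -> tuple:
    """Return (tag, value, position after the element) for the TLV at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


def decode_bind_response(buf: bytes) -> tuple:
    """Parse an LDAPMessage carrying a BindResponse into (messageID, resultCode, diagnostic)."""
    tag, msg, _ = read_tlv(buf, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = read_tlv(msg, 0)
    if tag != TAG_INTEGER:
        raise ValueError("missing messageID")
    tag, result, _ = read_tlv(msg, pos)
    if tag != TAG_BIND_RESPONSE:
        raise ValueError("protocolOp is not a BindResponse (tag 0x%02x)" % tag)
    tag, code, pos = read_tlv(result, 0)
    if tag != TAG_ENUMERATED:
        raise ValueError("missing resultCode")
    _, _matched_dn, pos = read_tlv(result, pos)
    _, diag, _ = read_tlv(result, pos)
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big"), diag.decode("utf-8", "replace")


def authenticate(host: str, port: int, dn: str, password: str, timeout: float = 5.0) -> bool:
    """Full exchange against a real server: TCP connectivity, bind, credential decision.
    host, port and dn are placeholders; substitute your own test server's values."""
    request = encode_bind_request(1, dn, password)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        data = sock.recv(4096)  # a BindResponse is a few dozen bytes; one recv suffices
    message_id, code, diag = decode_bind_response(data)
    if message_id != 1:
        raise ValueError("response messageID does not match the request")
    if code == RESULT_INVALID_CREDENTIALS:
        return False
    if code != RESULT_SUCCESS:
        raise RuntimeError("bind failed with resultCode %d: %s" % (code, diag))
    return True
```

`authenticate()` speaks plain LDAP on port 389, which sends the password in clear; for anything beyond a lab test, wrap the socket with `ssl` (LDAPS on 636) or issue StartTLS first. Result code 49 is the only code that means "wrong credentials"; any other non-zero code (unwilling to perform, server down, referrals) is a connectivity or configuration problem and is raised rather than reported as a failed login, so the two failure modes stay distinguishable.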

API Security and MySQL — A match made in Hell

What do API Security and MySQL have in common? Not much, one hopes, especially if you are responsible for implementing enterprise-wide API Security. When picking any security product, particularly an API Security Gateway, an enterprise should carefully evaluate the architecture and components …

Four Pillars of API Security

API Security is complex! Vendors like Forum Systems, IBM, CA and Axway have invested almost two decades of engineering effort and significant capital in building API Security stacks to lock down APIs. The API Security stack diagram shown below is essential …

API Security – Taking the plunge

Dear Readers: Forum Systems and the security community need your help in raising API Security awareness. Forum Systems has been at the forefront of API Security for over 16 years. Our relentless efforts in educating IT professionals on how best to …

API Security and OWASP Top 10

API Security has become a central concern in deploying APIs across portals, devices and cloud services. OWASP Top 10 2017 – RC1 includes API Security provisions. …

Three Federated API Requirements for Enterprise Cloud Computing

Successful enterprise API implementations are built on a set of localized, project-level efforts with services that have clearly identified and accountable business and technology owners. Ownership defines an API domain. Deciding what services are core to a business owner and should …

Heartbleed

OpenSSL is Fṓṝked

The flensing began rather quickly with the OpenBSD team cleaning up 90,000 lines of code within a week of Heartbleed. OpenSSL then got royally fṓṝked by OpenBSD and LibreSSL was born. The divergence between OpenSSL and LibreSSL continues while OpenSSL …

Heartbleed

Load balancers that use OpenSSL

A list of market-leading load balancers that use OpenSSL to protect HTTP and FTP traffic includes F5, Citrix, Radware, Riverbed, and Barracuda. Load balancers spread traffic across multiple servers to provide high availability, which makes them a central conduit for critical business transactions. The load balancer vendors have done a good job in patching their products against the latest OpenSSL vulnerability, Heartbleed. Patching alone is not the end of it where the load balancer terminates TLS: any private key it served while vulnerable should be treated as exposed and its certificate reissued. …

Heartbleed

Heartbleed exposes privates

This is as serious as it gets. Heartbleed exposes your corporate private keys. Your crown jewels, your keys to the castle… well, you get the idea. Your corporate privates are indeed exposed; they may not have been stolen yet, but they are unequivocally exposed through Heartbleed. It took researchers less than 3 hours to extract private keys from a server in response to a challenge issued by Cloudflare. …

Heartbleed

Predictions from 2002-2003: Heartbleed = Criminal Negligence

Here is an archived document that Forum Systems published in 2002-2003 while architecting a secure XML gateway. We would like you to read this article to understand the importance of a security-first approach while interacting with users and systems, especially outside your enterprise boundary. …