API Security

PSD2: An Open Concept in Banking Mandating the Use of APIs

A revolution is occurring in European banking and APIs are leading the way. Adopted in 2007, the Payment Services Directive (PSD) “provides the legal foundation for an EU single market for payments, to establish safer and more innovative payment services … Read More

Authentication and Authorization: Reducing The Risk While Still Enabling Collaboration

At the World Economic Forum held in Davos, Switzerland, last January, Cisco CEO John Chambers warned, “The number of security incidents this year will be exponentially greater than last year.” If Mr. Chambers’ words did not raise a big red … Read More

OPM Breach Proves Einstein Cybersecurity Not Enough

It should come as no surprise to anyone that a major breach has occurred at OPM and took many months to detect. For far too long the cybersecurity industry has focused attempts at trying to understand a network through heuristics … Read More

Keeping the “Internet of Things” Simple

I once received a lengthy letter from a friend of mine that quoted the old adage, “I would have written a shorter letter, but I didn’t have the time.” We often find in our lives that there is too little … Read More

Multiple Layers of Wallpaper and API Access

In one episode of the television show This Old House, a homeowner needed to install a new electrical outlet. As he began to peel back the existing wallpaper, it revealed another layer of wallpaper. Underneath the newfound layer of wallpaper … Read More

Why Security Certifications Matter

We recently announced that Forum Sentry is the first and only API gateway to attain compliance with the internationally recognized Network Device Protection Profile (NDPP) certification. We are also the only FIPS- and DoD-certified cloud integration technology in the industry. … Read More

EAL Certification is Dead

In October of 2009, the National Information Assurance Partnership (NIAP) transitioned away from Evaluation Assurance Levels (EAL) and moved to Protection Profiles (PP). NIAP made the move to PPs because EAL requirements gave a false level of security. … Read More

Three Federated API Requirements for Enterprise Cloud Computing

Successful enterprise API implementations are built on a set of localized, project-level efforts with services that have clearly identified and accountable business and technology owners. Ownership defines an API domain. Deciding what services are core to a business owner and should … Read More

Heartbleed

How Java™ Could Have Prevented Heartbleed

OpenSSL continues to cast a shadow over the IT industry’s poor choice of programming languages for developing secure software. Niels Ferguson and Bruce Schneier’s mantra, that using a programming language without protection against buffer overflows is tantamount to criminal negligence, … Read More

OpenSSL Security Vulnerabilities and other C-based Risks

The latest Heartbleed OpenSSL vulnerability (CVE-2014-0160) is again a re-affirmation that usage of C-based security modules by an enterprise company greatly increases its risk posture. … Read More