Last month, another major identity management vendor revealed a significant vulnerability. This time it was Auth0.
While conducting its own research, Cinta Infinita discovered the vulnerability in Auth0’s Legacy Lock API. The security firm noted it “was able to bypass password authentication when logging into Auth0’s Management Dashboard by forging an authentication token.”
Company’s Industry-leading API Security Gateway Earns Top Honors in API Management and Security Category
BOSTON, May 8, 2018 – Forum Systems Inc., a pioneer in API security technology, today announced that the Info Security Products Guide has named the Forum Sentry API Security Gateway a Gold winner in the API (Application Programming Interface) Management and Security category of the 2018 Global Excellence Awards®.
API Security is complex! Vendors like Forum Systems, IBM, CA and Axway have invested almost 2 decades of engineering effort and significant capital in building API Security stacks to lockdown APIs. The API Security stack diagram shown below is essential for rapidly locking down APIs. In this article, we review “The Four Pillars of API Security” — SSL, Identity, Content Validation and Architecture.
 |
| API Security Stack |
Before addressing the Four Pillars of API Security, it is essential to recognize that a robust PKI is a must for enterprise-grade API Security. Without proper key life-cycle management, the API Security Pillars cannot be built.
Once a solid PKI foundation is in place, an organization can build API Security Pillars on this foundation. Without a robust PKI foundation to stand on, API security pillars will collapse. With a solid foundation and strong pillars, a corporation’s API attack surface area is significantly reduced. To deploy API Security, we recommend the following four pillars:
A revolution is occurring in European banking and APIs are leading the way.
Adopted in 2007, the Payment Services Directive (PSD) “provides the legal foundation for an EU single market for payments, to establish safer and more innovative payment services across the EU.” Legislated by the European Commission, the objective of the PSD “is to make cross-border payments as easy, efficient and secure as ‘national’ payments within a Member State.”
To accommodate the rapid rise of new online payment providers – third-party payment providers (TPPs) – the European Commission proposed a revision in 2013. Building on the PSD’s key principles, PSD2 was ‘born’ to make payments safer and more secure, enhance consumer protection, foster innovation and promote competition while ensuring a level playing field for all payment service providers.
In force since 2016, EU Member States must implement PSD2 by January 2018.
In October, one of the signature security events in the history of the internet occurred. Dyn, the well-known cloud-based internet performance management company, suffered a massive DDoS attack on its managed domain name server infrastructure. The impact was widespread.
Strategic Partnership Enables UK Government Agencies to Procure Leading API Security Management Technology on Crown Commercial Service’s Digital Marketplace
BOSTON, January 26, 2016 – Forum Systems Inc. today announced a strategic partnership with Trustis to deliver its award-winning API Security Management platform to UK public sector organizations on the G-Cloud 7 framework. Forum Sentry, which serves as the foundation of Trustis’ API Management & Cloud Gateway solution, can now be obtained in the Crown Commercial Service’s (CCS) online catalog, the Digital Marketplace.
New Features Advance State-of-the-Art in API Security Management
BOSTON, December 8, 2015 – Forum Systems Inc. today announced significant enhancements to its flagship Forum Sentry API Gateway that enable enterprises to achieve seamless, secure integration with multiple cloud providers while satisfying users’ ever-increasing demands for anytime, anywhere mobility through the flexibility of Single Sign-On (SSO).
Company to Showcase Industry-Leading API Security Management Technology
BOSTON, October 12, 2015 – Forum Systems Inc. announced today that it will be showcasing its award-winning API Security Management solutions at key cybersecurity events, including the 2015 ISSA International Conference and SC Congress Chicago.
Forum Systems will be showcasing Forum Sentry in Booth #103 at the 2015 ISSA International Conference, taking place October 12-13 at the Chicago Marriott Downtown.
Premier Analyst Firm Recognizes Forum Systems as the Only API Management Vendor “with a Primary Focus on Security”
Lauds Company as Top Vendor in Product and Innovation Categories
Forum Systems Inc. announced today that leading European analyst firm KuppingerCole has named the company an Overall Leader in its July market analysis of API Security Management solutions.
