API Security

Risk is Reality: Our Take on the Recent Auth0 Vulnerability

By | Date posted: May 23, 2018

Last month, another major identity management vendor revealed a significant vulnerability. This time it was Auth0.

While conducting its own research, Cinta Infinita discovered the vulnerability in Auth0’s Legacy Lock API. The security firm noted it “was able to bypass password authentication when logging into Auth0’s Management Dashboard by forging an authentication token.”

Forum Systems Named Gold Winner in Info Security PG’s 2018 Global Excellence Awards®

By | Date posted: May 8, 2018

Company’s Industry-leading API Security Gateway Earns Top Honors in API Management and Security Category

BOSTON, May 8, 2018 – Forum Systems Inc., a pioneer in API security technology, today announced that the Info Security Products Guide has named the Forum Sentry API Security Gateway a Gold winner in the API (Application Programming Interface) Management and Security category of the 2018 Global Excellence Awards®.


Forum Systems to Explore API Security Fundamentals at Midwest Summit

By | Date posted: April 17, 2018

BOSTON, April 19, 2018 – Forum Systems Inc., a pioneer in API security technology, today announced the Midwest API Summit, the latest event in the company’s continuing series dedicated to examining the fundamentals of API security.

Taking place Thursday, April 26, from 9:30 a.m. – 4:30 p.m. EDT at the Renaissance Cincinnati Downtown, the Midwest API Summit will feature Forum Systems CTO Jason Macy and other industry experts exploring the best practices in securing API-based architectures. During the event, Forum Systems will showcase how its award-winning Forum Sentry API security gateway is providing the foundation for an effective API security strategy.


Money Mule(Soft): Salesforce Acquires API Integration Company for $6.5 Billion

By | Date posted: March 28, 2018

Well, it has happened again.

Another tech behemoth has made a massive acquisition to bolster its cloud presence – this time in the most expensive cloud software deal in history.

Last fall, it was Google gobbling up Apigee; this week, it’s Salesforce subsuming MuleSoft.

Alliteration aside, what’s the significance of this latest deal, both for the broader industry and for Forum Systems’ customers and partners?

Forum Systems Advances Industry-leading API Security Gateway Technology

By | Date posted: January 25, 2018

Company’s Award-winning Forum Sentry Drives Secure Amazon Elastic Compute Cloud Deployments

Delivers REST API for Autonomous Provisioning in Virtual, Cloud and Containerized Environments

BOSTON, January 25, 2018 – Forum Systems Inc., a pioneer in API security technology, today announced industry-first capabilities in its award-winning Forum Sentry API Security Gateway that enable enterprises and government organizations to securely leverage the Amazon Elastic Compute Cloud (EC2) for key business initiatives. Further advancing the state-of-the-art in API security gateway technology, Forum Sentry now features a REST API for rapid deployment in virtual, cloud and containerized environments.

Forum Systems Joins AFCEA Community

By | Date posted: October 11, 2017

Since 1946, AFCEA has been bringing together industry experts and government agencies to provide a forum for collaboration that better aligns technology and strategy with the needs of our government and military. AFCEA is widely recognized as a hub for industry innovation and thought leadership, and Forum Systems is excited to announce that we’ve joined the non-profit international organization as an official member.


API Security and MySQL — A match made in Hell

By | Date posted: August 30, 2017

What do API Security and MySQL have in common? Not much one hopes, especially if you are responsible for implementing enterprise-wide API Security.

When picking any security product, particularly an API Security Gateway, an enterprise should carefully evaluate the architecture and components of the product that it’s purchasing. If components such as the operating system, PKI security stack and policy storage mechanisms are not secure, then the enterprise is increasing its API attack surface area rather than reducing it through an API Security Gateway.

And please don’t have your security policies stored in a database such as MySQL — a prime target for hackers. If your security policies are stolen, your entire enterprise API ecosystem is compromised.

Alexei Balaganski’s article — “The Cargo Cult of Cybersecurity” — critiques our false sense of security. We spend billions of dollars (120 Billion in 2017) on cybersecurity products that are poorly developed, improperly or never deployed, and rarely tested by a third party. By doing so, we are creating a false sense of security.

Here is an excerpt from Alexei’s article:

However, the exact reason for my today’s rant is somewhat different and, in my opinion, even more troubling. While reading the documentation for a security-related product of one reputable vendor, I’ve realized that it uses an external MySQL database to store its configuration. That got me thinking: a security product is sold with a promise to add a layer of protection around an existing business application with known vulnerabilities. However, this security product itself relies on another application with known vulnerabilities (MySQL isn’t exactly known for its security) to fulfill its basic functions. Is the resulting architecture even a tiny bit more secure? Not at all – due to added complexity it’s in fact even more open to malicious attacks.

For the complete article, see “The Cargo Cult of Cybersecurity.”

Forum Systems Lauds Recognition of API Security in OWASP Top 10

By | Date posted: August 18, 2017

Longtime API Security Champion Praises OWASP Community for Listing “Underprotected APIs” in RC1; Sponsors Premier AppSec USA 2017 Conference

BOSTON, August 21, 2017 – Forum Systems Inc., a pioneer in API security technology, today celebrated the Open Web Application Security Project (OWASP) community for including ‘Underprotected APIs’ in the OWASP Top 10 – 2017 RC1 list of most critical web application security risks.


Four Pillars of API Security

By | Date posted:

API Security is complex! Vendors like Forum Systems, IBM, CA and Axway have invested almost 2 decades of engineering effort and significant capital in building API Security stacks to lock down APIs. The API Security stack diagram shown below is essential for rapidly locking down APIs. In this article, we review “The Four Pillars of API Security” — SSL, Identity, Content Validation and Architecture.

API Security Stack

Before addressing the Four Pillars of API Security, it is essential to recognize that a robust PKI is a must for enterprise-grade API Security. Without proper key life-cycle management, the API Security Pillars cannot be built.

Once a solid PKI foundation is in place, an organization can build API Security Pillars on this foundation. Without a robust PKI foundation to stand on, API security pillars will collapse. With a solid foundation and strong pillars, a corporation’s API attack surface area is significantly reduced. To deploy API Security, we recommend the following four pillars:
