API Security

API Security and OWASP Top 10

Date posted: August 7, 2017

API Security and OWASP Top 10 are not strangers. Many years ago (circa 2009), we presented our test results on Techniques in Attacking and Defending XML/Web Services. Fast forward to 2017, OWASP has recognized API Security as a primary security concern by adding it as A10 – unprotected APIs to its list of top 10 vulnerabilities facing web applications. Forum Systems has been at the center of building solutions that address API Security and looks forward to further working with security thought leaders in making enterprise and cloud APIs secure.


Cloud(ed) Judgment: OneLogin’s Breach Continues to Fuel the Security Debate

Date posted: June 26, 2017

When it comes to the next big data breach, it’s never a matter of if, but a discussion of when.

This time, the target was identity and access management firm OneLogin, which recently shut down its U.S. data center due to compromised Amazon Web Services (AWS) keys. With the company serving more than 2,000 enterprises across 44 countries, the incident has been referred to as a “massive leak” and once again raised questions about cloud security.

As we continue to learn, everything that the cloud represents is great… until it’s not.

The President’s New EO Gets the Gist of NIST

Date posted: June 8, 2017

President Trump introduced his long-awaited Cybersecurity Executive Order last month. While some focused on its similarities to EO 13636 issued by the Obama administration more than four years earlier, we were more concerned with, and quite frankly, excited by, the fact that it (rightly) cast a renewed spotlight on the National Institute of Standards and Technology (NIST) Framework.


PSD2: An Open Concept in Banking Mandating the Use of APIs

Date posted: April 25, 2017

A revolution is occurring in European banking and APIs are leading the way.

Adopted in 2007, the Payment Services Directive (PSD) “provides the legal foundation for an EU single market for payments, to establish safer and more innovative payment services across the EU.” Legislated by the European Commission, the objective of the PSD “is to make cross-border payments as easy, efficient and secure as ‘national’ payments within a Member State.”

To accommodate the rapid rise of new online payment providers – third-party payment providers (TPPs) – the European Commission proposed a revision in 2013. Building on the PSD’s key principles, PSD2 was ‘born’ to make payments safer and more secure, enhance consumer protection, foster innovation and promote competition while ensuring a level playing field for all payment service providers.

In force since 2016, EU Member States must implement PSD2 by January 2018.


(Cloud)Flare Up: What you Need to Know about Ticketbleed

Date posted: March 2, 2017

As you’ve likely seen, last month Cloudflare engineer and crypto expert Filippo Valsorda discovered a software bug in F5 appliances. Named “Ticketbleed,” since it leaks SSL session identities like the famed Heartbleed, the vulnerability is in the Transport Layer Security (TLS) stack of certain F5 products and allows a remote attacker to extract up to 31 bytes of uninitialized memory at a time. F5 has since issued a patch for the vulnerability, cataloged as CVE-2016-9244, but we decided to take a closer look.

Forum Systems to Share Insights on the Enterprise Security Requirements for Predictive APIs

Date posted: October 6, 2016

CTO Jason Macy to Discuss the Need for and Value of Strategic API Security-Driven Hybrid Cloud Architectures at PAPIs ‘16

BOSTON, October 6, 2016 – Forum Systems Inc. today announced that CTO Jason Macy will explore enterprise security best practices for predictive APIs at PAPIs ‘16. Taking place October 11-12 at the Microsoft New England Research and Development Center (N.E.R.D.), the annual event is the premier forum for new machine learning APIs, techniques, architectures, and tools.


Forum Systems Teams with Trustis to Deliver API Security Solutions on the G-Cloud 7 Framework

Date posted: January 26, 2016

Strategic Partnership Enables UK Government Agencies to Procure Leading API Security Management Technology on Crown Commercial Service’s Digital Marketplace

BOSTON, January 26, 2016 – Forum Systems Inc. today announced a strategic partnership with Trustis to deliver its award-winning API Security Management platform to UK public sector organizations on the G-Cloud 7 framework. Forum Sentry, which serves as the foundation of Trustis’ API Management & Cloud Gateway solution, can now be obtained in the Crown Commercial Service’s (CCS) online catalog, the Digital Marketplace.