SSL

Four Pillars of API Security

By | Date posted: August 18, 2017

API Security is complex! Vendors like Forum Systems, IBM, CA and Axway have invested almost 2 decades of engineering effort and significant capital in building API Security stacks to lockdown APIs. The API Security stack diagram shown below is essential for rapidly locking down APIs. In this article, we review “The Four Pillars of API Security” — SSL, Identity, Content Validation and Architecture.

API Security Stack

Before addressing the Four Pillars of API Security, it is essential to recognize that a robust PKI is a must for enterprise-grade API Security. Without proper key life-cycle management, the API Security Pillars cannot be built.

Once a solid PKI foundation is in place, an organization can build API Security Pillars on this foundation. Without a robust PKI foundation to stand on, API security pillars will collapse. With a solid foundation and strong pillars, a corporation’s API attack surface area is significantly reduced. To deploy API Security, we recommend the following four pillars:

Read more

Key Generation and Certificate Signing Request

By | Date posted: January 30, 2014

SSL-protocol and data-level encryption are both based on Public Key Infrastructure (PKI) that uses public-private key pairs for asymmetric cryptography.  Generating such key pairs and issuing a certificate signing request are initial steps for enabling privacy.  Learn how to generate keys in Forum Sentry without requiring command line toolkits such as openssl. These key pairs can then be consumed by SSL or content encryption policies for securing XML, HTML, SOAP, JSON over a variety of protocols.

Read more

SSL Policies for securing your APIs

By | Date posted: January 29, 2014

Forum Sentry provides granular control for centralized SSL/TLS protection of your APIs running on application servers, web servers or message queues.  Forum Sentry typically sits in front of such components and deals with all the SSL related communication for your APIs so that you can focus on building business functionality while Forum Sentry takes the ownership of your security policies.

Learn how to set SSL policies for your XML, JSON, HTML, SOAP traffic and the benefits of using Forum Sentry for protecting your SOA, API components.

Read more