By Jackie Kahle
July 31, 2014 02:30 PM EDT
Andi Mann from CA Technologies recently pointed out that, at every turn, customers are interacting more and more with businesses through applications. "Think of real estate businesses like Trulia, Zillow and Realtor.com," he wrote in Wired's Innovation Insights. "Or think about restaurants. It used to be that we'd call a restaurant to make a reservation, or even drop in and make a reservation. Now it's all on-line, through OpenTable, or Foursquare." This is the emergence of the Application Economy, where the application becomes the primary point of contact between the business and the customer.
Much of this is being made possible through the use of Application Programming Interfaces (APIs) to link front-end applications to back-end information systems. This approach is exploding in popularity because it builds on well-understood techniques from the web and leverages some existing infrastructure.
But it is a mistake to think we can secure APIs using the same methods and technology that we used to secure the conventional, browser-centric web. While it is true that APIs share many of the same threats that plague the web, they are fundamentally different and have an entirely unique risk profile that you need to manage.
Good API developers understand the threat profile of what they are designing. Unfortunately, many API developers come directly from a web design background and may bring some bad habits with them. It's important to recognize that, despite their common roots and shared infrastructure, web design and API design have separate goals and demand different approaches.
A new SlideShare posted by CA Technologies, How Risky are Your APIs?, explains the potential risks of APIs and highlights the three most common forms of attack.
The SlideShare is based on a recent eBooklet published by Scott Morrison of CA Technologies, Five Simple Strategies for Securing Your APIs, which not only goes into much greater detail on the threats but lays out five simple steps that organizations should be taking today to reduce their risk.