API gateway – Page 2 – WindowsTechs.com

Tyk raises $35M for its open-source, open-ended approach to enterprise API management

Posted on September 16, 2021 by Ingrid Lunden

APIs are the grease turning the gears and wheels for many organizations’ IT systems today, but as APIs grow in number and use, tracking how they work (or don’t work) together can become complex and potentially critical if something goes awry. Now, a startup that has built an innovative way to help with this is […] Continue reading Tyk raises $35M for its open-source, open-ended approach to enterprise API management→

Is there any additional overhead over using Oauth vs Client Certificates?

Posted on January 15, 2021 by tjax03

I have a requirement to add security between service to API communication. The current implementation is client certificates. The client gets a certificate and just sends it in a cookie to the API. API does zero verification of the certifi… Continue reading Is there any additional overhead over using Oauth vs Client Certificates?→

client security separate from user context

Posted on January 13, 2021 by drobert

Consider the following set up applications and services:

apps:

mycompany.com webapp

apis:

products api
orders api

mycompany.com’s webapp uses OAuth2/openidconnect with an IdP (such as auth0) to authenticate a user, and a JWT token … Continue reading client security separate from user context→

How to build a serverless API from scratch

Posted on September 15, 2020 by Serkan Özal

The post How to build a serverless API from scratch appeared first on Security Boulevard.
Continue reading How to build a serverless API from scratch→

Oauth2 for microservices API gateway

Posted on July 25, 2020 by user1319236

I am creating an API gateway (Jwt based) to protect my microservices APIs. I was thinking in order to enhance security at authorization i could implement Oauth2 protocol at the gateway level. Is that a good idea and why?

Continue reading Oauth2 for microservices API gateway→

How to prevent horizontal escalation attacks when a centralized authorization service as gateway is used?

Posted on July 20, 2020 by Daniel Arechiga

Say I have a gateway which provides authorization mechanisms by validating a JWT, behind an api-gateway there are different micro-services but only the gateway port is public. As a software designer you decide to make all micro services un… Continue reading How to prevent horizontal escalation attacks when a centralized authorization service as gateway is used?→

How can API documentation helpful to exploit any application?

Posted on May 17, 2020 by Nitin Rastogi

Here I want to understand what if private API Documentation is exposed how can a hacker exploited the application as all the endpoints have authorization & authentication.
its is really going to be helpful for a hacker to exploit with … Continue reading How can API documentation helpful to exploit any application?→

Imperva is a Leader in the Forrester Wave: Web Application Firewalls, Q1

Posted on April 9, 2020 by Kim Lambert

Web application firewalls continue to be a core technology function for securing critical assets, and for IT professionals, market analyst reports and validation are critical when deciding upon new WAF solutions. That’s why we’re proud to s… Continue reading Imperva is a Leader in the Forrester Wave: Web Application Firewalls, Q1→

Generate new AccessToken each time user update his Information

Posted on April 4, 2020 by Natanel Soussana

im building a PWA app , where i implemented jwt token to auth users.

i have 2 main architecture problems ,but let me introduce you what im building .

i’m Building application that is all about dog lovers , this application is to post los… Continue reading Generate new AccessToken each time user update his Information→

Application layer DDOS attack detection – enough to analyse only GET/POST requests?

Posted on March 23, 2020 by Rumesh Madhusanka

I am developing a DOS attack recognition module for application layer requests.
The application has a backend consisting several APIs. They all are connected through an API gateway(developed in Node Js). Every request is recorded to a data… Continue reading Application layer DDOS attack detection – enough to analyse only GET/POST requests?→