Once More Into the Breach…
Less than a month after the Target credit card breach another significant data theft is in the news. This week’s victim is Snapchat, the popular photo sharing social network. Gibson Security announced the weakness, with some solid … Read more >
RECENT BLOG POSTS
News broke last week that a major retailer was the victim of a massive theft of customer credit card data, in what is becoming an all too common cadence of data breaches. Thieves made off with not just the credit … Read more >
The post The Grinch Who Stole Christmas for Target’s Brand and Customers appeared first on Application Security.
It has been several years since Gartner first made their prediction that Citizen Developers will create at least 25% of business applications by 2014. We have quite a few of these at Intel, and I recently shared one of my … Read more >
The post Mobile Access: Citizen Developers Empowered by APIs and HTML5 appeared first on Application Security.
Securosis has a new analyst report out called “API Gateways: Where Security Enables Innovation”. The paper describes how API gateways simultaneously enable security and software development. It shows how security can be enforced practically, without becoming an impediment to productivity … Read more >
De-identifying Data in APIs
I was catching up on my RSS feeds over the weekend, reading all the things I missed while I was at IDF, when I saw this great post from Kin Lane calling for “A Masking, Scrubbing, … Read more >
My colleague Blake posted yesterday with a response to Daniel Jacobson’s thought-provoking post, “Why you probably don’t need an API strategy”. Blake spells out some pretty clear reasons why you do need an API strategy and outlines some of the different … Read more >
Last week I (along with many other Intel employees and customers) attended the Intel Developer Forum at the Moscone Center in San Francisco. I was impressed with the range of mobile application development tools showcased, along with the new devices … Read more >
According to Gartner, API Management + SOA Governance = Application Services Governance. This year’s Magic Quadrant reflects that change, updating the title as well as some of the participants. It has been nearly two years since Gartner’s final “SOA Governance” Magic … Read more >
The post Gartner API Management report: Intel an MQ ‘Leader’ appeared first on Application Security.
The Intel Developer Forum (IDF) is coming up in a few weeks, and it’s shaping up to be a great event. Mobile will be a key focus of this year’s IDF, and as you might imagine API management and HTML5 will … Read more >
The cloud holds enormous promise for improving agility, availability, and cost for app deployments. Amazon’s EC2 is especially attractive given the investments they have made in building out capacity around the world, allowing apps to be deployed where they are … Read more >
The post EC2 Security: Bridging Enterprise Cloud Apps to the Mobile Mainland appeared first on Application Security.
Tokenization. It’s not just for PCI anymore. As enterprises migrate to the cloud for improved cost and efficiency, data is being put at risk. A recent scan of Amazon S3 buckets showed a treasure trove of sensitive information being stored … Read more >
The post Join Us Tomorrow: SC eSymposium on Audit & Compliance appeared first on Application Security.
API Evangelist Kin Lane has just released a new paper that provides an overview of the Backend as a Service space. Kin’s research does a great job covering the breadth of tools and services that get lumped in under the … Read more >
The post Cloud Service Brokerage: Enabling MBaaS for the Enterprise appeared first on Application Security.
Kin Lane has started tracking what he calls API Brokers over at API Evangelist. This quote illustrates the promise of API brokerage: I envision other new API brokers emerging, in niche areas like images, video or messaging. Imagine if you could … Read more >
The post Be Your Own Broker: An Enterprise Perspective using API Management appeared first on Application Security.
I saw a conversation today on Twitter that asked why we don’t just embed proper security into Hadoop instead of suggesting the API gateway approach to Hadoop security that my colleague Blake proposed. The same could be asked about any number … Read more >
The post Hadoop Security: Internal or External? Why not both! appeared first on Application Security.
Join us Wednesday, May 22 at 10:00a Pacific / 1:00p Eastern for our next webinar with Capital One and Mashery: APIs are a hot topic in all sectors of IT – they have gone from being niche solutions provided by … Read more >
The post Our Next Webinar: Five Practical Steps to Building an Enterprise Class API Program appeared first on Application Security.
Last year the Open Data Center Alliance published an excellent whitepaper that defined the concept of “cloud-aware” applications. The ODCA paper sets forth the following recommendations: Everything is a Service; Use RESTful APIs; Separate Compute and Persistence; Design for Failure … Read more >
The post Cloud-Aware Tokenization: Helping to Build PCI-Compliant Applications in the Cloud appeared first on Application Security.
A few weeks ago I blogged about different Mobile Middleware usage models for enterprise. Continuing that thread, this post will drill down into API security considerations for enterprise mobile apps. Mobile applications are typically intended for use outside of the … Read more >
The post Mobile Middleware for the Enterprise: API Security Considerations appeared first on Application Security.
This Thursday, I will be presenting a webinar with Forrester covering 4 Building Blocks to Mobilize Your Enterprise App Strategy. As we prepared for this talk, Mike and I talked about a few trends that are emerging in response to … Read more >