Internet of Things, Smart Cities and API Security

Mamoon Yunus



Top Stories by Mamoon Yunus

API Security has finally entered our security zeitgeist. OWASP Top 10 2017 - RC1 recognized API Security as a first-class citizen by adding it as number 10, or A-10, on its list of web application vulnerabilities. We believe this is just the start. The attack surface area offered by APIs is orders of magnitude larger than any other attack surface area. Consider the fact that APIs expose cloud services, internal databases, applications and even legacy mainframes over the internet. What could go wrong? API Security has been added to OWASP Top 10 2017 - RC1. This is a commendable step taken by the web application security thought leaders and is a clear indication of where the industry is heading. Security professionals have all the tools and awareness to fence in applications, databases and legacy systems through firewalls. OWASP has served the security professionals well... (more)

API Security - Four Quick Steps to Lockdown | @CloudExpo #API #Cloud #Security

API Security is complex. Vendors like Forum Systems, IBM, CA and Axway have invested almost two decades of engineering effort and significant capital in building API Security stacks to lock down APIs. The API Security stack diagram shown below is a building block for rapidly locking down APIs. The four fundamental pillars of API Security - SSL, Identity, Content Validation and deployment architecture - are discussed in detail below. Here are four fundamental steps that an enterprise can take to ensure that their APIs' attack surface area is significantly reduced. To implement API ... (more)

API Security - SD Times Review of OWASP Top 10 - RC1

API Security has finally made it into mainstream security consciousness. The premier web application security list, the OWASP Top 10 Threats, has published its Release Candidate 1 (RC 1). SD Times provided a comprehensive overview of the implications of including API Security as a part of OWASP Top 10 2017 - RC1. Here's an excerpt from the SD Times article: The next major addition is Underprotected APIs, since the use of APIs has exploded in modern software, said Williams. There are a variety of protocols and data formats used by these APIs, including SOAP/XML, REST/JSON, RPC, GWT, and others. ... (more)

Understanding Cloud Taxonomies and Security

OWASP AppSec DC 2009 had a compelling session that defined cloud taxonomies and the security implications associated with cloud computing. The three taxonomies that have become part of our vernacular are: Infrastructure as a Service (IaaS): Set of virtualized components that can be assembled to build an application. Amazon EC2, Rackspace, Opsource, and GoGrid are examples of IaaS where you can rent "virtual" hardware and software as a "pay-as-you-go" service. If you need 5 Linux servers running MySQL Database for 3 months, you'd subscribe to an Iaa... (more)

"Swamp Computing" a.k.a. Cloud Computing

Security in the Ether, by David Talbot. MIT Technology Review recently published a great article titled Security in the Ether, addressing security, privacy and reliability issues resulting from cloud computing. Some of the interesting points in this article include: The cloud security threat is across two related dimensions: i) cloud resident data may be lost due to equipment/software failure or stolen by a hacker because of the shared resource nature of cloud computing and ii) cloud data may be mishandled by the cloud provider because of technology... (more)