Welcome!

Internet of Things, Smart Cities and API Security

Mamoon Yunus

Subscribe to Mamoon Yunus: eMailAlertsEmail Alerts
Get Mamoon Yunus via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Mamoon Yunus

API Security has finally entered our security zeitgeist. OWASP Top 10 2017 - RC1 recognized API Security as a first class citizen by adding it as number 10, or A-10 on its list of web application vulnerabilities. We believe this is just the start. The attack surface area offered by API is orders or magnitude larger than any other attack surface area. Consider the fact the APIs expose cloud services, internal databases, application and even legacy mainframes over the internet. What could go wrong? API Security has been added to OWASP Top 10 2017 - RC1. This is a commendable step taken by the web application security thought leaders and is a clear indication of where the industry is heading. Security professionals have all the tools and awareness to fence in applications, databases and legacy systems through firewalls. OWASP has served the security professionals well... (more)

API Security - Four Quick Steps to Lockdown | @CloudExpo #API #IoT #DX

API Security is complex. Vendors like Forum Systems, IBM, CA and Axway have invested almost two decades of engineering effort and significant capital in building API Security stacks to lockdown APIs. The API Security stack diagram shown below is a building block for rapidly locking down APIs. The four fundamental pillars of API Security - SSL, Identity, Content Validation and deployment architecture - are discussed in detail below. Here are four fundamental steps that an enterprise can take to ensure that their APIs attack surface area is significantly reduced. To implement API ... (more)

"Swamp Computing" a.k.a. Cloud Computing

Secure Cloud Computing on Ulitzer Security in the Ether, by David Talbot MIT Technology review recently published a great article titled: Security in the Ether addressing security, privacy and reliability issues resulting from cloud computing. Some of the interesting points in this article include: The cloud security threat is across two related dimensions: i) cloud resident data may be lost due to equipment/software failure or stolen by a hacker because of the shared resouce nature of cloud computing and ii) cloud data may be mishandled by the cloud provider because of technology... (more)

Federated SOA: A Pre-Requisite for Enterprise Cloud Computing

According to Massimo Pezzini, VP and Gartner Fellow, "Federated SOA is a systematic approach to large-scale, enterprise wide SOA that enables organizations to integrate semi-independent SOA initiatives. Often used to fix an initial lack of coordination, federated SOA should be proactively pursued from the inception of major, strategic SOA initiatives." -- Divide and Conquer: Taming Complexity Through Federated SOA. Successful enterprise SOA implementations build on a set of localized, project-level efforts with services that have clearly identified and accountable business and te... (more)

Using SQL Azure for SOA Quality Testing

I. INTRODUCTION Throwing its hat in the Platform as a Service (PaaS) ring, Microsoft has joined the likes for Salesforce.com and Google with its annoucement of Microsoft Azure Platform. Microsoft Windows Azure Platform provides three primary components: Windows Azure: A cloud services operating system that serves as the development, service hosting and service management environment for the Windows Azure platform. SQL Azure: A cloud hosted relational database that removes the burdens of RDBMS installation, patching, upgrades and overall software management for relational databas... (more)