
Internet of Things, Smart Cities and API Security

Mamoon Yunus



Top Stories by Mamoon Yunus

API Security has finally entered our security zeitgeist. OWASP Top 10 2017 - RC1 recognized API Security as a first-class citizen by adding it as number 10, or A-10, on its list of web application vulnerabilities. We believe this is just the start. The attack surface area offered by APIs is orders of magnitude larger than any other attack surface area. Consider the fact that APIs expose cloud services, internal databases, applications and even legacy mainframes over the internet. What could go wrong? API Security has been added to OWASP Top 10 2017 - RC1. This is a commendable step taken by the web application security thought leaders and is a clear indication of where the industry is heading. Security professionals have all the tools and awareness to fence in applications, databases and legacy systems through firewalls. OWASP has served the security professionals well...

API Security - Four Quick Steps to Lockdown | @CloudExpo #API #IoT #DX

API Security is complex. Vendors like Forum Systems, IBM, CA and Axway have invested almost two decades of engineering effort and significant capital in building API Security stacks to lock down APIs. The API Security stack diagram shown below is a building block for rapidly locking down APIs. The four fundamental pillars of API Security - SSL, Identity, Content Validation and deployment architecture - are discussed in detail below. Here are four fundamental steps that an enterprise can take to ensure that their APIs' attack surface area is significantly reduced. To implement API ...

API Security - vendors look to develop NG-WAFs

API security is now a central concern for Web Application Firewalls (WAFs). For over a decade, WAFs have been a necessary component of most web-based application deployments. WAFs typically sit inline and protect inbound and outbound corporate traffic against vulnerabilities. These vulnerabilities have been cataloged by the OWASP Top 10 for over 15 years. 2017 marks the first year in which API security has made it into the OWASP Top 10 RC1. Radware, a WAF solution provider, has published an interesting article titled "Why there is no API security" in which they make the following key points:...

Understanding Cloud Taxonomies and Security

XML Security at Cloud Expo OWASP AppSec DC 2009 had a compelling session that defined cloud taxonomies and the security implications associated with cloud computing. The three taxonomies that have become part of our vernacular are: Infrastructure as a Service (IaaS): a set of virtualized components that can be assembled to build an application. Amazon EC2, Rackspace, Opsource, and GoGrid are examples of IaaS where you can rent "virtual" hardware and software as a "pay-as-you-go" service. If you need 5 Linux servers running MySQL Database for 3 months, you'd subscribe to an Iaa...

"Swamp Computing" a.k.a. Cloud Computing

MIT Technology Review recently published a great article by David Talbot titled "Security in the Ether", addressing the security, privacy and reliability issues resulting from cloud computing. Some of the interesting points in this article include: The cloud security threat spans two related dimensions: i) cloud-resident data may be lost due to equipment/software failure or stolen by a hacker because of the shared-resource nature of cloud computing, and ii) cloud data may be mishandled by the cloud provider because of technology...