The internet is fundamentally an unsafe place. For every service, every API, there are users who would love nothing more than to break through the various layers of security you’ve erected.
Posts Tagged: authentication
In the initial years of the world wide web, much was innovated as it was needed — while the fundamentals were open and commonly agreed upon, the systems that used these fundamentals often were not. Innovation led to unique solutions, which led to the development of proprietary systems and approaches. Read more
Unfortunately, the reality of mobile apps is that at some point, someone is going to try to do something they’re not allowed to. Whether this is through brute-forcing keys, spoofing identities, or simply issuing distributed attacks across the application’s server dependencies, the threat to public-facing APIs in the mobile space is real, dangerous, and often inefficiently mitigated. Read more
How does one go about securing APIs, microservices, and websites? One way to do this is by focusing on the identity — knowing who the caller is, and what the caller is allowed to do with your data. Too often, though, providers rely too heavily on user social identity, pairing it way too closely with the design of their APIs. Read more
These days, APIs need to be strong. They need to be versatile to change, and must triumph in the face of malicious schemes hackers use to disrupt core systems. But how does a provider consistently maintain security across their API platform, and consistently check to see that security is maintained throughout continuous code deployments? Read more