API Security Weekly: Issue #67
In this article, take a look at some tips to keep your APIs safe.
This week, the OAuth 2.0 Token Exchange got its RFC, and there is an upcoming webinar on JWT. In addition, we take a look at where to start with securing your APIs, and how 2020 seems to be shaping up according to analysts.
Standard: OAuth 2.0 Token Exchange
This proposed standard documents a pattern that is already widely deployed in production. Household names such as Microsoft, Red Hat, and Salesforce, to name but a few, have already adopted this approach.
Webinar: Are You Properly Using JWTs?
Join the webinar by Philippe Leothaud on JWT security best practices next Thursday, January 30, 2020, at 11:00 AM PST. This webinar will cover:
- Typical scenarios where using JWT is a good idea and a bad idea
- The principles of zero trust architecture and why you should always validate everything
- Best practices to thoroughly validate JWTs and the potential vulnerabilities if you do not do so
- Use cases for when encryption might be required for JWT
Click here to register and secure your place in the webinar. First come, first served!
API Security: 4 Tips to Keep Your APIs Safe
Jonathan Greig from TechRepublic has written a quick practical post on the first steps to keeping your APIs safe when they are increasingly the focus of attackers.
His four top tips for getting started with API Security:
- Security team setup
- Third-party use
Worth a read for anyone starting to look at API security.
Analysts: Aite on 2020 Cyber Threats
Aite Group has published a report on the trends in cybersecurity in 2020. Their Top 10 list includes changes not only in technological solutions but also in business landscapes and job markets:
- The rise of ransomware
- Difficulties in filling cybersecurity positions
- API security solutions
- Cloud misconfigurations leaking data
- SIEM and SOAR
- Increased requirements for data privacy and compliance
- BAS solutions
- Microsoft aggressive in the security market
- Security analytics platforms replacing SIEM
- Flat networks
Recommended reading for anyone who wants to stay on top of the trends shaping the field.
You can subscribe to this newsletter at APIsecurity.io.
Published at DZone with permission of Dmitry Sotnikov, DZone MVB. See the original article here.