API Security Weekly: Issue #67


In this article, take a look at some tips to keep your APIs safe.


This week, the OAuth 2.0 Token Exchange got its RFC, and there is an upcoming webinar on JWT. In addition, we take a look at where to start with securing your APIs, and how 2020 seems to be shaping up according to analysts.

Standard: OAuth 2.0 Token Exchange

The IETF has published RFC 8693 for OAuth 2.0 Token Exchange.

This proposed standard documents a pattern that is already widely deployed in production. Household names such as Microsoft, Red Hat, and Salesforce, to name but a few, have already adopted this approach.

Webinar: Are You Properly Using JWTs?

Join the webinar by Philippe Leothaud on JWT security best practices next Thursday, January 30, 2020, at 11:00 AM PST. This webinar will cover:

  • Typical scenarios where using JWT is a good idea and a bad idea
  • The principles of zero trust architecture and why you should always validate everything
  • Best practices to thoroughly validate JWTs and the potential vulnerabilities if you do not do so
  • Use cases for when encryption might be required for JWT

Click here to register and secure your place in the webinar. First come, first served!


API Security: 4 Tips to Keep Your APIs Safe

Jonathan Greig from TechRepublic has written a quick practical post on the first steps to keeping your APIs safe when they are increasingly the focus of attackers.

His four top tips for getting started with API Security:

  1. Authentication
  2. Authorization
  3. Security team setup
  4. Third-party use

Worth a read for anyone starting to look at API security.

Analysts: Aite on 2020 Cyber Threats

Aite Group has published a report on the trends in cybersecurity in 2020. Their Top 10 list includes changes not only in technological solutions but also in business landscapes and job markets:

  1. The rise of ransomware
  2. Difficulties in filling cybersecurity positions
  3. API security solutions
  4. Cloud misconfigurations leaking data
  5. SIEM and SOAR
  6. Increased requirements for data privacy and compliance
  7. BAS solutions
  8. Microsoft aggressive in the security market
  9. Security analytics platforms replacing SIEM
  10. Flat networks

Recommended reading for anyone who wants to stay on top of the trends shaping the field.

You can subscribe to this newsletter at APIsecurity.io.


Published at DZone with permission of Dmitry Sotnikov, DZone MVB. See the original article here.
