Internet of Things, Smart Cities and API Security

Mamoon Yunus



Top Stories by Mamoon Yunus

API Security is complex. Vendors like Forum Systems, IBM, CA and Axway have invested almost two decades of engineering effort and significant capital in building API Security stacks to lock down APIs. The API Security stack diagram shown below is a building block for rapidly locking down APIs. The four fundamental pillars of API Security - SSL, Identity, Content Validation and deployment architecture - are discussed in detail below. Here are four fundamental steps that an enterprise can take to ensure that its APIs' attack surface area is significantly reduced. To implement API Security: Enable SSL: One can rapidly protect API traffic by enabling SSL and changing http to https. This is a good first step in protecting the traffic from an API consumer to an API producer; however, the following items should be considered in tightening secure API communication: Check X... (more)

API Security: OWASP 2017 RC1 Gets It Right | @CloudExpo #API #SOA #Microservices

API Security has finally entered our security zeitgeist. OWASP Top 10 2017 - RC1 recognized API Security as a first-class citizen by adding it as number 10, or A-10, on its list of web application vulnerabilities. We believe this is just the start. The attack surface area offered by APIs is orders of magnitude larger than any other attack surface area. Consider the fact that APIs expose cloud services, internal databases, applications and even legacy mainframes over the internet. What could go wrong? API Security has been added to OWASP Top 10 2017 - RC1. This is a commendable step... (more)

Why is a Cloud Gateway Required?

Security has been at the forefront of discussion in the technology community as the primary concern gating enterprise adoption of cloud computing. Although this is a valid concern, most cloud providers, owing to the security demands of maintaining a multi-tenant infrastructure, provide strong security provisions, perhaps better than an enterprise's own data center. Legal, compliance and process issues become more significant than technical security concerns. Moving into 2010, reliability will be a higher concern for enterprises. Recent ou... (more)

Support Real Healthcare Reform: Start Using HL7 v3

We all know that technology is key to reducing health care costs, eliminating dangerous errors, and eventually providing coverage for all. I like learning from others, so while we consider ourselves innovative, there is no point in repeating mistakes made by others. Here's a fact motivating the Dutch -- one of the leading nations in using modern technology (SOA, XML, HL7v3, Schematrons, Virtualization, Cloud computing) for solving their health care problems: "Currently some 90.000 people (out of a population of 16 million) are hospitalized yearly due ... (more)

MIT Technology Review Covers Cloud Security

MIT Technology Review recently published a great article titled "Security in the Ether", addressing security, privacy and reliability issues resulting from cloud computing. Some of the interesting points in this article include: The cloud security threat is across two related dimensions: cloud-resident data may be lost due to equipment/software failure or stolen by a hacker because of the shared-resource nature of cloud computing. Cloud data may be mishandled by the cloud provider because of technology gaps, but more importantly, such information can be extract... (more)