In part 1 of this post, we have established the overall value proposition of defining reusable KPIs in an attempt to assess and drive the concept of reuse within your API platform. Once the capability to establish and monitor both abstract baselines and progress against them have been established within an enterprise, the next step is to determine what metrics are worth tracking, where they break down, and how they relate to each other.
A lot of enterprise IT concepts and tools have experienced dramatic change in the last decade. Several long-lived rules of thumb have faded into irrelevance. However, one conceptual holy grail has survived the volatility of the IT transformation toward all things cloud, DevOps, and APIs: reuse. Like historical explorers seeking the Northwest Passage, enterprise IT executives have long sought out ways (e.g. SOA) to drive down the cost of solution development through code reuse.
Cybersecurity solution provider Trend Micro has issued a report that highlights how chat platform APIs can and are being used by cybercriminals to achieve their nefarious objectives.
Because of the degree to which Webhook APIs are involved (an API attack vector not previously discussed on ProgrammableWeb), the warnings and incidents should serve as a wake-up call to API providers and developers when it comes to the sorts of best practices and ongoing vigilance it takes to fully secure their customers and systems.Provided that the incentives are worth it,
The Internet of Things (IoT) is supposed to have 10 times the impact of the Web itself, which means it has potentially 10 times the risk for complication, and, with its ubiquity, 10 times the risk to security. Each “Thing” we encounter in our daily and professional lives could potentially be connected within the next couple years. And with so many, many more players, manufacturers, protocols, and programming languages, it all gets exponentially more complicated.
This is part 3 of my API security blog series. I will be showing an example scenario of how Anypoint platform can be a vital component of a secure API-led architecture and the capabilities to securing the API.
This post will be part 1 of 3 for my ultimate guide to API security best practices series. In this post, I will be discussing the current concerns IT decision makers have in regards to their current digital assets.
Ars Technica had a scary article this week about an IoT search engine that allows users to search for webcams displaying anything, including marijuana plantations, bank back rooms, kitchens, bathrooms, and yes, sleeping babies. Webcams have easily exploitable security vulnerabilities, and those webcams are broadcasting video via API.
Part of the security problem is consumers. Because webcam manufacturers are working with very tight margins, and customers haven’t seen value in privacy and security,
APIs have become a strategic necessity for your business. They facilitate agility and innovation. However, the financial incentive associated with this agility is often tempered with the fear of undue exposure of the valuable information that these APIs expose. With data breaches now costing $400M or more, senior IT decision makers are right to be concerned about API security.
In April 2013, hackers hijacked the Associated Press’ Twitter account to post one fake tweet about two bombs exploding at the White House and the President being injured. As a result, the stock market went into a 143-point free-fall before the hoax was exposed and Dow Jones Industrial Index recovered. The entire episode may have only lasted 3 minutes, but thanks to programmed trading, billions of dollars can be made or lost in milliseconds.
MuleSoft provides the most widely used integration platform for connecting any application, data source or API, whether in the cloud or on-premises. With Anypoint Platform®, MuleSoft delivers a complete integration experience built on proven open source technology, eliminating the pain and cost of point-to-point integration. Anypoint Platform includes CloudHub™ iPaaS, Mule ESB™, and a unified solution for API management™, design and publishing.