API Security Weekly: Issue 160

This week, we have a vulnerability in the AWS API Gateway that allows a potential cache-poisoning attack, disclosed at the recent BlackHat Europe conference, a guide on how to harden Kubernetes API access, a report from Forbes on the need to take API security more seriously, and predictions on what might appear in the next OWASP API Security Top 10.

Vulnerability: AWS API Gateway Vulnerable to HTTP Header-Smuggling Attack

At the recent BlackHat Europe security conference, web security researcher Daniel Thatcher disclosed vulnerabilities relating to the AWS API gateway that allowed HTTP header smuggling. Currently, AWS has not responded to this research nor offered a comment regarding the potential vulnerabilities in their API gateway.

How to Secure AWS API Gateway With Cognito User Pool

In this blog, you will learn how to configure an AWS API Gateway backed by an AWS Java Lambda. Next, you will learn how to secure the API by means of an AWS Cognito User Pool. Enjoy!

1. Introduction

AWS API Gateway is a managed service for your APIs: it lets you create, publish, secure, and version them, among other things. Some of these features will be covered in this blog, but certainly not all of them.

From Architecture to an AWS Serverless POC: Architect’s Journey

Project Context

This year a number of financial services firms have had to comply with a new "401(k)-to-IRA Rollover Advice" fiduciary rule. This rule mandates that wealth managers and broker-dealers must demonstrate "investor's best interest" intent when presenting investment opportunities to their clients.

Many financial services firms with a landscape of legacy and third-party SaaS applications face a common challenge of data lineage and data consistency throughout the client onboarding user journey. Throughout this journey, the client’s investment profile is used to put together a proposed investment portfolio and open an investment account.

Figure: Client On-boarding Business Process

Snowflake External Functions

Introduction

Snowflake has recently announced external functions available in public preview. This allows developers to invoke external APIs from within their Snowflake SQL queries and blend the response into their query result, in the same way as if they were internal Snowflake functions.

In this article, we will demonstrate how to invoke an API via Amazon Web Services API Gateway that will trigger an AWS Lambda function. The Lambda function (written in Python) then invokes a public API to return the exchange rate between USD and multiple foreign currencies, which can be used to calculate our sales values in USD and a number of selected currencies in a SQL query running in our Snowflake warehouse. This solution eliminates the need to load exchange rates into Snowflake regularly and also guarantees accurate, reliable real-time currency values.
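As an added illustration of the Lambda half of the architecture just described (this is not code from the article), the handler below accepts Snowflake's external-function batch format, {"data": [[row_number, args...], ...]}, validates every row before anything would be forwarded to an upstream API, and returns exactly one result row per input row. The exchange rates are constructed sample values standing in for the live API, and lambda_handler is a hypothetical name.

```python
import json
import re
from typing import Any, List, Optional

# Constructed sample rates (USD base), standing in for the live exchange-rate API.
SAMPLE_RATES_USD = {"EUR": 0.92, "GBP": 0.79, "JPY": 149.5}

# Strict allow-list for ISO 4217 codes: nothing else reaches the upstream call.
CURRENCY_RE = re.compile(r"^[A-Z]{3}$")


def fetch_rate(currency: str) -> Optional[float]:
    """Stand-in for the upstream HTTP call; None for an unknown currency."""
    return SAMPLE_RATES_USD.get(currency)


def convert_rows(rows: List[list]) -> List[list]:
    """Snowflake sends [[row_number, amount_usd, currency], ...] and expects
    [[row_number, result], ...] back, same row numbers, same count."""
    out = []
    for row in rows:
        if not isinstance(row, list) or len(row) != 3:
            raise ValueError("each row must be [row_number, amount_usd, currency]")
        row_number, amount, currency = row
        if isinstance(amount, bool) or not isinstance(amount, (int, float)):
            raise ValueError("amount must be numeric")
        if not isinstance(currency, str) or not CURRENCY_RE.match(currency):
            raise ValueError("currency must be a three-letter upper-case code")
        rate = fetch_rate(currency)
        # Unknown currency becomes SQL NULL rather than a guessed value.
        out.append([row_number, None if rate is None else round(amount * rate, 2)])
    return out


def lambda_handler(event: dict, context: Any = None) -> dict:
    """API Gateway Lambda proxy entry point (hypothetical name)."""
    try:
        body = json.loads(event.get("body") or "{}")
        rows = body["data"]
        if not isinstance(rows, list):
            raise ValueError("data must be a list")
        return {"statusCode": 200, "body": json.dumps({"data": convert_rows(rows)})}
    except (KeyError, ValueError) as exc:  # JSONDecodeError is a ValueError
        # Snowflake treats a non-200 status as a failed call; keep the message short.
        return {"statusCode": 400, "body": json.dumps({"error": str(exc)})}
```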

Under the Hood of .NET-Based Lambda Function Parameters

This article assumes you have the relevant knowledge to set up and deploy a .NET-based Lambda function. You can follow the instructions in this blog if you need some background. Now, let’s review some underlying features of this service so that you can get more out of it during deployment and while it is running.

Before We Begin

Before diving into the deep water, to benefit from this blog post you should be familiar with Lambda function concepts and have AWS Explorer installed in your Visual Studio instance. Furthermore, you should have .NET Core version 2.1.3 or above installed.

API Development Using AWS Serverless Architecture

I recently had the opportunity to work on an AWS-based Serverless architecture solution. This is for ZIP file processing requirements. At a high level, the requirements expected to be delivered from AWS are summarized below:

  1. Create a final output zip file from the contents of source zip files and arrange them in a specific folder hierarchy. Two systems will make source ZIP files available in the S3 bucket.
  2. Delete the set of files requested by Pega.
  3. Transfer the output zip file to the external SFTP server.
