API Security Weekly: Issue #69

This week, we look at the recently patched API vulnerabilities in Microsoft Azure Stack and Azure Cloud infrastructure, and in Cisco TelePresence and RoomOS. In addition, there is a recorded conference talk on API pentesting, and Yelp has released an open-source tool for API fuzzing.

Vulnerability: Azure Cloud infrastructure

Ronen Shustin from Check Point Research has reported two API vulnerabilities in Azure Cloud infrastructure and has written a very detailed description of them. Microsoft has already fixed both vulnerabilities.

API Security Weekly: Issue #68

This week, we take a look at where API security is at on Gartner Hype Cycle, what the threatscape for 2020 looks like according to McAfee, and a SANS Institute whitepaper on DevSecOps.

Analysts: API Security in Gartner Hype Cycle

Gartner published their Hype Cycle for Application Security, 2019 a few months ago. The Hype Cycle charts where application security technologies stand in terms of maturity and adoption: what is up and coming and what is already established.

25 Best APIs to Give Your Business a Head-Start

The integration of APIs is one of the most effective ways to build new features in online businesses and increase their revenue and growth. Smartly chosen APIs not only save time but are also quality-driven and cost-effective. In this article, we've highlighted a curated collection of 25 of the best APIs available to achieve common features.

The benefits of these APIs are not always obvious or visible as these are something that works behind the scenes. Therefore, before we dig right into the Best APIs, let us first understand what an API is.

API Security Weekly: Issue #65

This week, we look into the recent API vulnerabilities in the Siemens plant operation control system, D-Link routers, and Cisco network management. In addition, OWASP has formally released their first-ever API Security Top 10 list.

Vulnerability: Siemens SPPA-T3000

The application server of the Siemens plant operation control system SPPA-T3000 had API vulnerabilities. The AdminService API was reachable without authentication: anyone with network access to it who knew how to craft the requests could invoke it.

API Security Weekly: Issue #63

This week, we are looking into a huge API vulnerability exposing more than 47 million devices. Also, Microsoft and Google are dropping Basic Authentication support, and there is an opinion piece on the top risks of API security.

Vulnerability: Thinkrace

The platforms you are using to power your systems can add vulnerabilities. PenTestPartners looked at various GPS watches, kids smartwatches, sport watches, car trackers, engine immobilizers, and other tracking devices. They found that many of these are based on one common platform from Thinkrace. The researchers have discovered at least 47 million such devices.

How Real-Time APIs Power Our Lives

The other day I went to dinner, and it made me appreciate the need for fast application programming interfaces (APIs). Confused? Let me explain.

To get to dinner, I used an app to hail a car from my smartphone. Most of us are familiar with this routine — you open the app, enter your destination, get a ride, step out of the car when you arrive, and pay for your trip automatically using the credit card on file. While you're waiting for the driver to pick you up, the map updates in real time to indicate the location of the car on approach. But on that day, the app did not update the map. I waited five increasingly uncomfortable minutes, not knowing if a driver was on the way or had even accepted my request. After 10 minutes, I got frustrated and switched to an alternative ride-hailing app! This time I was successful and watched in real time as my driver approached and picked me up. I made it to dinner with a few minutes to spare.

API Security Weekly: Issue #62

This week, we look at the recent API vulnerabilities in Amazon Ring’s Neighbors app and the Droom vehicle marketplace, articles on API security and WebSockets, an opinion piece on the most exploited API vulnerabilities, and a couple of recorded webinars.

Vulnerability: Amazon Ring

Gizmodo reports that Amazon Ring’s crime-alert app, Neighbors, exposes too much data through API calls. The coordinates included in the posted videos are so detailed that the locations of cameras and the users are exposed with extremely accurate precision.

Converting Test Cases Into a Successful Project

Find out how to create a successful project.

Too often, a factor arises that leads to a major change, one that affects many of the processes and people involved in software development. Here, let's have a look at how changing a test management tool can have an impact on a project that works perfectly well from all points of view.


API Security Weekly: Issue #60

API Security Weekly

This week, we look into a vulnerability in Microsoft Azure's OAuth implementation that could have led to the takeover of Azure accounts. In addition, we take a look at the security of mobile shopping apps and of 5G networks.

In other news, the recording of our OWASP API Security Top 10 webinar is now available, and we have a follow-up session coming up.

API Security Weekly: Issue #59

API Security News

This week is all about API vulnerabilities. We found them everywhere: from client-to-cloud communications in Fortinet products to avatar hacks in the Truecaller app, an authentication flaw in Nykaa Fashion, and yet another kids' smartwatch system with an almost total lack of security.


Vulnerability: Fortinet

Researchers from SEC Consult found implementation flaws in various Fortinet products. Embarrassingly, these were security products, including FortiGuard Web Filter, FortiGuard AntiSpam, and FortiGuard AntiVirus. It turns out that the communication between their clients and their cloud backend left a lot to be desired.

API Security Weekly: Issue #58

API Security News

This week, we continue to look at the upcoming OWASP API Security Top 10, discuss organizational changes that can improve an organization's security posture, check out another security checklist, and list upcoming API security conferences.


API Vulnerability Explained: Broken Object Level Authorization

Broken Object Level Authorization (BOLA, aka IDOR) holds the #1 spot in the OWASP API Security Top 10 as the most common and most severe API vulnerability. It occurs when an endpoint takes an object identifier from the client (an order ID, a user ID, a file name) and serves the object without verifying that the authenticated caller is actually allowed to access that particular object.
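The following is an added example, not code from the newsletter or from OWASP: a minimal in-memory "orders" API with a BOLA/IDOR handler next to a hardened one, plus a helper that plays the attacker walking the ID space with a single valid session. The users, order IDs, and helper names are all constructed for the demo.

```python
"""
Added example, not code from the newsletter or from OWASP: a minimal
in-memory "orders" API showing a BOLA/IDOR handler next to a hardened one.
The users, order IDs and helper names below are all constructed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List


@dataclass(frozen=True)
class Order:
    order_id: int
    owner_id: int
    total_cents: int


# Constructed sample data: customer 7 owns two orders, customer 9 owns one.
ORDERS: Dict[int, Order] = {
    1001: Order(1001, owner_id=7, total_cents=4999),
    1002: Order(1002, owner_id=7, total_cents=1250),
    1003: Order(1003, owner_id=9, total_cents=88000),
}


class NotFound(Exception):
    """Mapped to HTTP 404 by the (omitted) web layer."""


def get_order_vulnerable(caller_id: int, order_id: int) -> dict:
    """BOLA: caller_id comes from an authenticated session, but the handler
    never checks that the requested order belongs to the caller, so any
    logged-in user can read any order simply by changing the ID."""
    order = ORDERS.get(order_id)
    if order is None:
        raise NotFound(order_id)
    return {"order_id": order.order_id, "total_cents": order.total_cents}


def get_order_hardened(caller_id: int, order_id: int) -> dict:
    """Object-level check: the owner must match the session. 'No such order'
    and 'not your order' both map to the same 404 so that the error type
    does not confirm which IDs exist."""
    order = ORDERS.get(order_id)
    if order is None or order.owner_id != caller_id:
        raise NotFound(order_id)
    return {"order_id": order.order_id, "total_cents": order.total_cents}


def enumerate_orders(handler: Callable[[int, int], dict],
                     caller_id: int, ids: Iterable[int]) -> List[int]:
    """Simulate an attacker with one valid session walking the ID space;
    returns the IDs whose records were disclosed to that caller."""
    leaked = []
    for order_id in ids:
        try:
            handler(caller_id, order_id)
            leaked.append(order_id)
        except NotFound:
            pass
    return leaked


if __name__ == "__main__":
    # Customer 9 should only ever see order 1003.
    print("vulnerable:", enumerate_orders(get_order_vulnerable, 9, range(1000, 1010)))
    print("hardened:  ", enumerate_orders(get_order_hardened, 9, range(1000, 1010)))
```

The design point is that authentication alone does not help: the vulnerable handler already knows who the caller is. The fix is an explicit ownership comparison (or a query scoped to the caller at the data layer), and returning the same 404 for "missing" and "not yours" so that IDs cannot be enumerated from the error code.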

API Security Weekly: Issue #56

API Security News — Vulnerabilities

This week, API vulnerabilities were reported in Rittal cooling systems. In other news, there is an API vulnerability cheat sheet that you can print and put on your wall, an overview of common JWT attacks, and a GlobalData report on the trends in API management and API security.


Vulnerability: Rittal Industrial Cooling

Applied Risk has found two critical vulnerabilities in Rittal industrial cooling equipment. If attackers know the URLs to invoke, they can bypass authentication and turn cooling on or off or set the temperature; the endpoints themselves enforce no check, so obscurity of the path is the only barrier.
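The Rittal finding above, like the Siemens SPPA-T3000 AdminService one in issue #65, is the "knowing the URL is enough" failure mode: a privileged handler that relies on someone else having checked authentication. The following is an added example, not code from the newsletter, Rittal, or Siemens, contrasting a router that leaves authentication to each handler with one that denies every route by default. The tokens, roles, paths, and device state are constructed for the demo.

```python
"""
Added example, not code from the newsletter, Rittal or Siemens: two toy
routers for a device-control API. OptInRouter dispatches blindly (the
pattern behind "know the URL, call the privileged action");
DenyByDefaultRouter authenticates and authorizes every route unless it is
explicitly registered as public. Tokens, roles, paths and the device
state are all constructed.
"""
from typing import Any, Callable, Dict, Optional, Tuple

Caller = Tuple[str, str]  # (username, role)

# Constructed session store: bearer token -> (username, role).
SESSIONS: Dict[str, Caller] = {
    "tok-admin": ("alice", "admin"),
    "tok-oper": ("bob", "operator"),
}


class Unauthorized(Exception):
    """No valid session: map to HTTP 401."""


class Forbidden(Exception):
    """Valid session but insufficient role: map to HTTP 403."""


def caller_from_headers(headers: Dict[str, str]) -> Optional[Caller]:
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    return SESSIONS.get(auth[len("Bearer "):])


# Handlers take (caller, body); caller is None on public routes.
def get_status(caller: Optional[Caller], body: Any) -> dict:
    return {"cooling": "on", "setpoint_c": 20}


def set_temperature(caller: Optional[Caller], body: dict) -> dict:
    # Privileged action that trusts the router to have authorized the call.
    return {"setpoint_c": int(body["setpoint_c"])}


class OptInRouter:
    """Vulnerable: any handler that does not check auth itself is reachable
    by anyone who knows the path."""
    def __init__(self) -> None:
        self.routes: Dict[str, Callable] = {}

    def add(self, path: str, fn: Callable) -> None:
        self.routes[path] = fn

    def dispatch(self, path: str, headers: Dict[str, str], body: Any) -> Any:
        return self.routes[path](caller_from_headers(headers), body)


class DenyByDefaultRouter:
    """Hardened: authentication and role checks run before any handler;
    a route is anonymous only if registered with public=True."""
    def __init__(self) -> None:
        self.routes: Dict[str, Tuple[Callable, bool, frozenset]] = {}

    def add(self, path: str, fn: Callable, *, public: bool = False,
            roles: Tuple[str, ...] = ()) -> None:
        self.routes[path] = (fn, public, frozenset(roles))

    def dispatch(self, path: str, headers: Dict[str, str], body: Any) -> Any:
        fn, public, roles = self.routes[path]
        if public:
            return fn(None, body)
        caller = caller_from_headers(headers)
        if caller is None:
            raise Unauthorized(path)
        if roles and caller[1] not in roles:
            raise Forbidden(path)
        return fn(caller, body)


def build_legacy() -> OptInRouter:
    r = OptInRouter()
    r.add("/api/status", get_status)
    r.add("/api/setTemperature", set_temperature)
    return r


def build_hardened() -> DenyByDefaultRouter:
    r = DenyByDefaultRouter()
    r.add("/api/status", get_status, public=True)
    r.add("/api/setTemperature", set_temperature, roles=("admin",))
    return r


def attempt(router, path: str, token: Optional[str], body: Any = None) -> str:
    """Compact outcome string so the cases are easy to compare side by side."""
    headers = {"Authorization": f"Bearer {token}"} if token else {}
    try:
        return "200 " + str(router.dispatch(path, headers, body))
    except Unauthorized:
        return "401"
    except Forbidden:
        return "403"


if __name__ == "__main__":
    body = {"setpoint_c": 35}
    print("legacy, anonymous:  ", attempt(build_legacy(), "/api/setTemperature", None, body))
    print("hardened, anonymous:", attempt(build_hardened(), "/api/setTemperature", None, body))
    print("hardened, operator: ", attempt(build_hardened(), "/api/setTemperature", "tok-oper", body))
    print("hardened, admin:    ", attempt(build_hardened(), "/api/setTemperature", "tok-admin", body))
```

The hardened router makes the safe choice the default: a developer who forgets to think about authentication on a new route gets a 401, not an unauthenticated control path, and public routes are a visible, reviewable exception in the route table.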

API Management Executive Insights

API Management

We are now living in an API-first world. To gather insights on the current and future state of API management, I asked IT professionals from 18 companies to share their thoughts.

API Security Weekly: Issue #55

A weekly look at API security.

This week, we check out the vulnerabilities fixed in EU’s eIDAS (electronic IDentification, Authentication, and trust Services) system and Cisco routers, how Instagram is seeking to avoid the privacy controversies that Facebook itself has had, and interesting predictions from Gartner’s latest API report.

Vulnerability: EU eIDAS

The EU has patched the reference implementation of the eIDAS system that member states use for cross-border transactions and signatures.

Authentication and Authorization: Mastering Security

Don't be this paranoid... but maybe be a little paranoid

In this edition of "Best of DZone," we dive into a topic that's forgotten all too often during software development: security. So, strap in, close the blinds, and, as our CTO likes to say, "Put on your tin foil hats," as we dive into all things authentication and authorization.

Whether it be auth basics, adding auth to your web apps, microservices, or APIs, or getting started with JSON Web Tokens (JWTs), we (meaning our amazing community of contributors) have your back to make sure your next project is completely secure, no matter the situation.