The recently published “OWASP API security top 10” report analyzes the anti-patterns that lead to vulnerabilities and security risks in APIs. In this 10 part series, we introduce these API anti-patterns. Every API professional should know about these anti-patterns. API
The 10 most critical API security risks – Part 3: Excessive Data Exposure
The recently published “OWASP API security top 10” report analyzes the anti-patterns that lead to vulnerabilities and security risks in APIs. In this 10 part series, we introduce these API anti-patterns. Every API professional should know about these anti-patterns. API
The 10 most critical API security risks – Part 2: Broken User Authentication
The recently published “OWASP API security top 10” report analyzes the anti-patterns that lead to vulnerabilities and security risks in APIs. In this 10 part series, we introduce these API anti-patterns. Every API professional should know about these anti-patterns. API
The 10 most critical API security risks – Part 1: Broken Object-Level Authorization
The recently published “OWASP API security top 10” report analyzes the anti-patterns that lead to vulnerabilities and security risks in APIs. In this 10 part series, we introduce these API anti-patterns. Every API professional should know about these anti-patterns. API
New Course on OpenID Connect & JWT
Many of my 7100 students of the OAuth course have asked me to create a new course on OpenID Connect & JWT . And I completely understand why. Because as an API professional in 2020, you simply need to know
Three Common Misunderstandings about OpenID Connect
The top three things, that people do not understand about OpenID Connect. Misunderstanding 1: “We already got OAuth, so we don’t need OpenID Connect” Great, that you have OAuth. If you have it long enough, you probably have a big
OAuth 2 vs. OpenID Connect
For API security there are two standards — and both of their names start with the capital letter O. So it is no wonder, people ask all the time: What is the difference between OAuth 2 and OpenID Connect? The
New OpenID Connect Book Available Today!
How should we build signup and login for apps to increase app conversion? It needs to be simple. End-users tend to shy away from tedious onboarding processes or only get halfway through before they give up. How do some of
Spotify API – How to get an OAuth Access Token (API Review Series)
In this week’s episode, I review the Spotify API – more specifically the OAuth capability. My goal: get an OAuth Access Token for my app, so I can call the API. To achieve this goal, I will go to the
The relation between OpenID Connect and OAuth 2
The OAuth standard ensures that there is no unintended leakage of information about the resource owner to the client. For example, it is ensured that the client does not get hold of the resource owner’s credentials. The OAuth standard ensures