The recently published “OWASP API security top 10” report analyzes the anti-patterns that lead to vulnerabilities and security risks in APIs. In this 10 part series, we introduce these API anti-patterns. Every API professional should know about these anti-patterns. API
The 10 most critical API security risks – Part 9: Improper Assets Management
The recently published “OWASP API security top 10” report analyzes the anti-patterns that lead to vulnerabilities and security risks in APIs. In this 10 part series, we introduce these API anti-patterns. Every API professional should know about these anti-patterns. API
The 10 most critical API security risks – Part 8: Injection
The recently published “OWASP API security top 10” report analyzes the anti-patterns that lead to vulnerabilities and security risks in APIs. In this 10 part series, we introduce these API anti-patterns. Every API professional should know about these anti-patterns. API
Is the API-key enough? API security issues and their fix
It can be seen over and over again: An API-key is directly embedded in the source code of an app. The most recent incident as of February 2020 is the Iowa caucus app, that contained an API-key right inside the
OAuth 2 vs. OpenID Connect
For API security there are two standards — and both of their names start with the capital letter O. So it is no wonder, people ask all the time: What is the difference between OAuth 2 and OpenID Connect? The
New OpenID Connect Book Available Today!
How should we build signup and login for apps to increase app conversion? It needs to be simple. End-users tend to shy away from tedious onboarding processes or only get halfway through before they give up. How do some of