The latest news on the API economy
This is the sixth part of ProgrammableWeb’s series on Understanding the Realities of API Security based on testimony by ProgrammableWeb’s editor-in-chief David Berlind to the ONC’s API Security and Privacy Task Force. This part considers how many API and third-party app deployments exist.
This is the first part of ProgrammableWeb’s series on Understanding the Realities of API Security based on testimony by ProgrammableWeb’s editor-in-chief David Berlind to the ONC’s API Security and Privacy Task Force. This part looks at the actual security concerns surrounding APIs.
This is the eighth part of ProgrammableWeb’s series on Understanding the Realities of API Security based on testimony by ProgrammableWeb’s editor-in-chief David Berlind to the ONC’s API Security and Privacy Task Force. This part looks at how to mitigate the security risks associated with APIs.
This is the ninth part of ProgrammableWeb’s series, Understanding the Realities of API Security, based on testimony by ProgrammableWeb’s David Berlind to the ONC’s API Security and Privacy Task Force. This part looks at how certification authorities could help to instill API consumer confidence.
This is the conclusion of ProgrammableWeb’s series on Understanding the Realities of API Security based on testimony by ProgrammableWeb’s editor-in-chief David Berlind to the ONC’s API Security and Privacy Task Force. This part is a condensed version of Berlind's five-minute oral presentation.
As part of their bi-annual State of Software Security (SOSS) Report, Veracode released the findings of the Fall 2015 publication. Drawing on more than a trillion lines of code, the report shows that some programming languages and platforms suffer from more security risks than others.
Lockr, a new key management service for content management systems, is now available for Drupal and WordPress. Lockr provides an off-site, hosted key management service that can help secure Drupal and WordPress powered websites as well as meet PCI DSS, HIPAA and other security requirements.
Google has long fielded complaints of sign-in requirements associated with Google Play Games. The Google+ requirement and the multiple sign-ins required for multiple games have been a hotbed of frustration. Google announced the end of both requirements as part of a Google Play Games API model change.
If your app uses OAuth as a means of authentication, you are likely storing users' OAuth tokens in a database. To maintain the secrecy of these tokens, you can use encryption both in transit and at rest. This article shows how SecureDB can encrypt OAuth tokens in a matter of minutes.
A cornerstone feature of any Web application is the login page. This article takes you step by step through the process of adding phone number powered second factor authentication (2FA) to a Web application by taking advantage of Nexmo's Verify API. This tutorial requires knowledge of PHP.
Developers are opting for phone verification over email verification as it is effective in reducing spam accounts. Adding phone verification to your app doesn't need to be complex. This tutorial shows how to use Nexmo Verify SDK for iOS in a "To-Do List" application that uses Parse for a backend.
Secret API keys add a layer of security to APIs and control who can access what functions, but a simple flaw in the common implementation in GitHub leaves many API keys exposed to external developers. This tutorial by Moshe Shaham explains this error, as well as how to leverage it to find API keys.
As more security vulnerabilities in IT software are discovered and exploited by malicious endeavours, Cisco has released its openVuln API that automates the sharing of security vulnerability information in a move aimed at nurturing an open security automation standard across the industry.
Target is on the data breach hot seat again, just two weeks after settling its massive 2013 data breach. This time, an API vulnerability tied to the Target app wishlist functionality led a security firm to easily retrieve personal information from app users. The API requires no authentication.
IBM announced the opening of its zero-knowledge proof platform, Identity Mixer, to developers on the Bluemix cloud. The goal of Identity Mixer is to reduce the need for individuals to transmit personal details to online services, instead relying on a “digital membership card”.
Accurate Background enhanced its employee screening API to include international search. The feature arrives after a decade of developing in-country and regional contacts, language skills, and regulatory compliance knowledge. API access to the resources streamlines international background checks.
To help developers increase the security of their apps, PayPal has updated its developer portal to include a self-service credential provisioning feature that allows developers to generate their own client-secret pairs, which developers use to authenticate their apps with the PayPal API.
One important consideration for any aspiring IoT company is having robust security. This article looks at five security considerations to think about when designing an IoT system.
The World Wide Web Consortium (W3C) has formed a Web Payments Working Group to develop recommendations that will "make payments easier and more secure on the Web."