The Latest News On The API Economy
Searching: No Search Term , Filtered By Category: "Security"
This weekend's look at what what going on in the world of APIs discusses Russian search giant Yandex's open sourced machine learning library, CatBoost. We also cover an Email Verification API from validation company SmartSoft, and look at HP's release of their data protection suite backed by an API.
In today's look at what what going on in the world of APIs we discuss Yahoo's streaming data query engine, Bullet, which promises the ability to run 'look-forward' queries; Distil Networks released Bot Defense for API aimed at ensuring authorized users are access API servers and more.
Distil Networks has launched Bot Defense for API, a solution that protects API servers from bots. It protects API servers by determining if a human is using a verified browser or mobile device to gain access. It also determines if a browser is legitimate or an API client masquerading as a browser.
The scariest thing about how organizations are diving into APIs like they're the latest gold rush is how few of them are taking API security seriously. Even if they did, they might turn and tuck tail. API security is hard. Very hard. And there's no easy button. Elastic Beam thinks it has the cure.
Can an automated, AI backed security solution for your API infrastructure really replace a team of security engineers? As the week comes to a close, we examine that question as well as offer a look at some new APIs and SDKs, as we bring you the news we couldn’t cover in the world of APIs.
It was only a matter of time before the idea of a free VPN started to get traction. There's one from Opera for Opera users (that only works on browser traffic). Now, there's another from ProtonMail. How long will it be before Google offers one? And what database should you be spending time with?
The week is coming to a close which means it’s time to bring you the news we couldn’t cover with a look at what what going on in the world of APIs. In time for the tenth anniversary of reCAPTCHA Google announced that they are bringing the spam protection service to Android.
TeleSign has greatly enhanced the iOS SDK for its App Verify service. The SDK allows app developers to handle verification completely in the background without multiple steps required for an onboarding user. By simply entering a phone number, the app exchanges with the phone for verification.
While it seems like hardly a month can go by without hearing about an attack on some IoT device - everything from NannyCams-Gone-Wild to rogue cable modem/routers - the state of IoT security doesn't seem to be improving. And why? Because, many thing-makers are just too laissez-faire about security.
Too many people don’t know the difference between OpenID Connect and the OAuth 2.0 specifications. This results in devs publishing insecure apps because they’re using an ID token to secure the API where they should be using an access token. This article helps explain to you the difference.
Zenedge has launched Zenedge API Security, a product designed to protect APIs from DDoS attacks and malicious bots. The product uses advanced algorithms to make sure API requests are legitimate. Zenedge API Security includes a proprietary native SDK for use with Web and mobile applications.
Fifteen APIs have been added to the ProgrammableWeb directory in categories including Security, Big Data, Email, and Bots. A highlight today is the PassiveTotal API from RiskIQ which helps to thwart cyberattacks by proactively blocking malicious infrastructure. Here's a look at what is new.
Blockchain is the digital ledger system in which transactions made in Bitcoin or another cryptocurrency are recorded. This identity is changing and evolving quickly, and Blockchain may have found a calling as a security solution for API integrations. Can Blockchain help secure API integrations?
Sometimes, there's more API economy news than there's time to cover it. But you deserve to know, right? So, here's another installation of ProgrammableWeb's "Briefly, In other API Economy News" so you see some of that other stuff that comes our way, but that might not otherwise get covered.
A pair of stories surfaced this week that serve as important reminders of how complicated, nuanced, and difficult API security really is. Even the biggest companies with the deepest pockets can't possibly be perfect when it comes to the security of their various API offerings and solutions.
RiskIQ announced API updates to its cyber event investigation platform: PassiveTotal. The updates include the addition of projects and monitoring. Projects allow users to organize investigations within third party security infrastructure. Monitoring provides alert and response capability.
The amount of data captured for analysis is increasing all the time. Often this data is fed into multiple systems that need to analyze, process, persist or perform other operations with it. It is important that these systems make sure that sensitive data is identified and redacted.
There are three standard ways to manage API authentication these days: API keys, OAuth tokens and JSON Web tokens (JWT). Adam Duvander over at the Zapier engineering blog explains how and when to use them. The humble API key is the common and earliest form of API authentication.
A researcher has found a vulnerability in the latest version of reCAPTCHA that could let spambots bypass reCAPTCHA fields across millions of sites. The developer has a script that uses Google’s speech recognition API to solve audio challenges associated with the latest version of reCAPTCHA.
Tesla's backbone API suffered a 20 hour outage earlier this week that left the company's keyless driving feature and mobile app monitoring unavailable. While the outage represented more of an inconvenience than a devastation, the vulnerability highlighted the dangers of an API-driven auto market.