The Latest News On The API Economy
Searching: No Search Term , Filtered By Category: "Security"
Fifteen APIs have been added to the ProgrammableWeb directory in categories including DevOps, Video, Reputation, and Security. Highlights today include the Apility API for confirming legitimate vs. fake users, and the Slipstream multi-cloud management API. Here's a rundown of the latest additions.
Private messaging app Confide has launched ScreenShieldKit, an SDK that allows developers to use its anti-screenshot technology in their iOS 10 and 11 apps. ScreenShieldKit can protect text, photos, videos and documents from screenshots taken using a variety of common methods.
Just like airport security, a system hosting a public API has to deal with heavy loads of incoming traffic every day. Most of that traffic is legitimate but not always. David Andrzejek explains to you how you can keep the bad apples out of your API while still serving millions of requests each day.
Over the years, ProgrammableWeb has tracked the various ways that API providers have used to authenticate their APIs in an effort to make API communications more secure. In our data model, we refer to these methods as Authentication Models. This article looks at the most popular methods used.
This article is part of a multi-part series about interesting APIs that were added to our directory during 2017. Security and Privacy APIs are covered in this segment. The APIs were chosen by our researchers, by popularity according to website traffic, and by mentions on social media.
BioID has enhanced its biometrics as a service portfolio with the launch of its PhotoVerify API. Part of the BioID Web Services suite, the PhotoVerify API compares a live image against a photo ID to verify identity. The API approach lowers time and cost associated with advanced identification.
This week, Amazon announced a slew of new offerings at its AWS division Re:invent conference in Las Vegas. These include AWS AppSync, a serverless service for real-time data queries, Amazon GuardDuty, a new security monitoring solution, and five new artificial intelligence APIs.
Core Impact 2017 R1 and Metasploit Pro are tools used to create multi-staged, real-world attacks to test enterprise security defenses. Both solutions have a large following, but there are several areas in which they are different that dramatically increase a pen-tester's ability to do their job.
Escrow.com has announced a beta version of its Platform API. Through the API, third party apps and services can integrate the escrow services Escrow.com has long been known for. Once integrated, apps and services can hold money in trust until a transaction has fully completed.
Mastercard's new service, Consumer Control, enables consumers to monitor their digital footprint through understanding where their credit card credentials are stored across the internet. Mastercard is providing access to Consumer Control through an API that integrates with online banking services.
Developers who are still using the Google reCAPTCHA v1 API need to switch to the reCAPTCHA v2 API as the v1 API will shut down in March 2018. The service uses machine learning and its advanced risk analysis engine to figure out if users completing forms and other actions are humans or bots.
Despite the fact that the costs associated with hacking and data breaches have arguably never been higher, recent API-related security incidents involving large companies, T-Mobile and Accenture, highlight the fact that basic API security best practices are still often not being adhered to.
Google, IBM, along with a number of other technology companies have introduced the Grafeas API, an open source artifact metadata API. Using the Grafeas API, organizations can combine data with other metadata to build a comprehensive model for security and governance at scale.
Cloud-based apps rely on an increasingly diverse set of underlying services, tied together through APIs - and hackers have taken notice. To resolve attacks and outages affecting APIs it is critical to understand and test the performance of the service delivery of application components.
Flashpoint announced the fourth version of its business risk intelligence API. The latest feature added to the API is Risk Intelligence Observables (RIOs), which the company contends move beyond traditional security indicators. A number of Flashpoint partners have already utilized v4.
At this point in your API journey, you have made a number of business decisions and a couple of technical ones. Now, several crucial decisions need to be made around security. Securing an API is an often neglected task, yet doing so is at the heart of an effective API strategy.
A recent white paper reported an Autofill API vulnerability within Android's 8.0 Oreo release. The vulnerability comes via the ability for widgets to hide themselves from users and request information that users are unaware they are providing to the hidden widget. No public fixes have been issued.
After it was revealed that over 143 million Americans may have been impacted when their personally identifiable information may have been breached through the credit reporting agency Equifax, there were further revelations that the so-called secret PINs issued by Equifax were actually timestamps.
From Slack integrations to coffee buttons, if Starbucks were to open up their API to the public, there are a ton of integrations that third-party developers could create. Tendigi CTO Nick Lee over at the Tendigi blog couldn’t wait so he reverse-engineered the Starbucks mobile app.
Although most of the technical details regarding the breach of Equifax are not known, the scope of the damage and the questions it raises should be enough to stimulate some organizational introspection regarding all that you have done to safeguard your Web services, sites, and APIs.