Credenxia leaps into the future with Dock's API

Preparing to move towards a decentralized solution for creating and managing employee credentials, Credenxia is working with Dock to build a Proof of Concept (PoC) application to create, issue, manage, and verify credentials instantly. This PoC is now complete!

Kong Mesh and Styra DAS - securing modern cloud-native applications

Back at KubeCon North America 2017, many speakers declared that 2018 would be “The Year of the Service Mesh”. Just a year later, in the 2019 CNCF Survey1, it was reported that 18% of surveyed organizations were using a service mesh in production, and by 20202 (the most recent survey published at the time of this writing) that number rose to 27%.


Styra Declarative Authorization Service Expands Service Mesh Use Case

We are thrilled to announce native support of Kong Mesh, Istio and Kuma within Styra Declarative Authorization Service (DAS), enabling users to combine stellar service mesh solutions with the only authorization management platform that supports trusted cloud architecture. Styra DAS allows teams to manage policies across a broad spectrum of systems, like Kubernetes, microservices, public cloud, and more.

Are APIs the Gateway for Credential Stuffing Attacks?

FinTechs have emerged as the digital-first answer to transforming the banking industry. Legislation such as the EU’s PSD2 and the UK’s Open Banking have cemented their place in the financial services environment, while removing much of the red tape that surrounds financial services to encourage collaboration and ensure security by design. Much of this collaboration is facilitated by open APIs, but what do we know about the API layer and security vulnerabilities that threaten your FinTech when it is exposed?

Hacker School Reboot - insights from leading API hackers [VIDEO]

Detectify is on a mission to drive the future of Internet security with automated and crowdsourced web solutions. API security and hacking is a pretty hot topic today and we invite 3 experts to join us for the latest Detectify Hacker School Reboot to present lightning talks on their experience and interests in hacking APIs. Detectify recently announced that we are researching, breaking and securing APIs.


Web scanners are evolving to secure modern web applications and their APIs

Tom Hudson (TH), Senior Security Researcher at Detectify, joined the Application Security Weekly podcast to talk about the status quo on web scanners and securing modern web applications. We’ve edited the transcript for brevity and taken some highlights from the pod episode below.


How To Build A Secure Open Source API Program

API security is one of the most important aspects of cybersecurity. The rise of new technologies like microservices, cloud-native applications, IoT devices, single-page applications, serverless, and mobile has led to increased use of APIs. Any internal application elements are now APIs connecting with one other through a network. A game API lets your applications and web services communicate with one another and share information such as rules, settings, specs, and data.


Kubernetes API Access Security Hardening.

In a Kubernetes cluster, Control Plane controls Nodes, Nodes control Pods, Pods control containers, and containers control applications. But what controls the Control Plane? Kubernetes exposes APIs that let you configure the entire Kubernetes cluster management lifecycle. Thus, securing access to the Kubernetes API is one of the most security-sensitive aspects to consider when considering Kubernetes security.

Detectify expands coverage for public APIs (in development)

Our security researchers happen to be talented bug bounty hunters as well as the brains behind of Detectify's efforts to develop a leading-edge API security scanner. Why is developing a reliable API security tool so challenging? It's because every API is different, which means it’s challenging to have a standardized approach to security testing on APIs. Almroth states that the team will focus on developing an API security scanner that focuses on server-side vulnerabilities. Both share that this is going to use fuzzing techniques.