GraphQL is a powerful query language for APIs.

It allows clients to request exactly what they need, and nothing more. This makes it easier to evolve your API over time, as well as improve performance by reducing the amount of data transferred betw ...

Continue Reading
API vulnerabilities can be introduced at any point in the development process.

— APIs connect multiple solutions together, which is where a lot of the risk stems from. Developers and tech teams are working on very tight deadlines, with unfamiliar products that were not designed ...

Continue Reading
I’m a software engineer at Google, and I wrote a book about how to build web applications with Go.

I started writing this book in 2015, when I was working as an engineering manager on the AdWords team. The idea for the book came up during one of our weekly meetings where we talked about what new en ...

Continue Reading
API security is hard and it’s not getting any easier.

How do we make API security better? Here are some suggestions: 1)    Understand the OWASP Top 10 for APIs – The Open Web Application Security Project (OWASP) has a list of top 10 risks that shou ...

Continue Reading
API security maturity is improving, but we still see API vulnerabilities reported every month.

The most common cause of these vulnerabilities is broken authentication (#2 on the OWASP Top 10 list), followed by poor enforcement of payload schemas and failure to restrict access (both tied for #3) ...

Continue Reading
The following is a checklist of the top 10 security issues and how to test for them.

OWASP Top 10 Security Issues For APIs: A Checklist Injection (XSS, SQLi) Test your API endpoints for injection vulnerabilities by sending unexpected input that could break or alter data. You can use ...

Continue Reading
I’m a big fan of the Digital Transformation series from Microsoft.

I've been following it since its inception and have watched many of the webinars, read their whitepapers and case studies, etc. Recently they announced a new offering called Azure Security Center , wh ...

Continue Reading
If you want to be a good programmer, learn how to program.

If you want to be a great programmer, learn how people think and what they need https://t.co/MPPOIRt47g ...

Continue Reading

Back to Main

Subscribe for the latest news: