The Curious Case of API Security

By channeling the spirit of Sherlock Holmes and Hercule Poirot, we’ll explore
how to learn from failure, improve pattern recognition of security quality,
and detect possible security vulnerabilities.
Just as a detective studies a crime scene for clues, we will follow a
methodical approach to investigating and solving the Top 11 API Threats.

Our basic process is as follows:

1. Understand the context in which APIs exist
2. Look for clues that point to possible vulnerabilities
3. Catalog the tools used to identify and track vulnerabilities
4. Identify countermeasures to fix vulnerabilities
5. Provide evidence that can measure the efficacy of the countermeasures

View whitepaper
Date: 26 January 2016, 10:12 am   |   Provider: Axway GmbH   |   Size: 9.2 MB   |   Language: English
This may interest you too:
The Imperative for Effective Data Flow Governance in Response to Data Security, Risk Mitigation, and Compliance Requirements

Ovum Study: How to Reduce the Risk of Data Leaks

As part of a study by Ovum analysts, hundreds of IT decision-makers worldwide were surveyed on how effectively data flows are governed in their organizations.
Here are some of the findings:
· 23% of respondents failed a security audit within the last three years.
· 17% were unsure whether they could pass such an audit with their existing FTP solutions.
· 4% of FTP-based file transfers fail; at the same time ...

To the download
2017 Threat Report - Discussion Guide

The Cylance 2017 Threat Report offers valuable analysis on the current state of cybersecurity. The information provided in the report is unavailable anywhere else. This Cylance® study includes research and information drawn from internal data and feedback provided by Cylance customers. The report offers considerable insights into recent threat trends and related security issues.

Some key findings of this report merit further discussion. These conversations represent an opportunity to dig deeper into the implications of current security stra ...

To the download

By focusing on frequent code integration, automated testing, and keeping
the mainline code version in a state that is deployable to production at any
time, CI/CD aims to eliminate the risks and friction of traditional waterfall
software development. Add to that the practice of continuous deployment
and you can move to a situation where the latest and greatest software version
is not just always ready to be deployed—it’s deployed on a frequent basis. ...

To the download
Economics of Insecurity

The information security field is economically inefficient. This is both good and bad. Bad, because it means billions of dollars are squandered on solutions which offer their buyers sub-optimal returns. Good, because the opportunities exist to operate more efficiently and thereby improve the quality of life for everyone.
This paper will examine how we know economic inefficiencies exist and why the industry seems unwilling to address them. By understanding these issues, companies will be better able to select effective IT security solutions tha ...

To the download
Using MITRE ATT&CK™ in Threat Hunting and Detection

MITRE ATT&CK is an open framework and knowledge base of adversary tactics and techniques based on real-world observations. ATT&CK provides a common taxonomy of the tactical objectives of adversaries and their methods. Having a taxonomy by itself has many valuable uses, such as providing a common vocabulary for exchanging information with others in the security community. But it also serves as a real technical framework for classifying your current detection efforts and identifying gaps where you are blind to certain types of attack beh ...

To the download