#Issue34
3 posts

Securing REST APIs

  • Ensure that you only accept queries sent over a secure channel, like TLS.
  • Use API keys to secure, authenticate and track usage of a REST API.
  • Validate parameter-based inputs for queries.
  • Whitelist the permitted HTTP methods and block all others on a public API.
  • Authenticate individual users for specific actions.
  • Log all failed requests and look for patterns to identify sustained attacks.
  • Use a security framework with policies to decide whether the querying party can see the data.

Full post here, 6 mins read
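
As an added illustration of the checklist above (not code from the summarised post), here is a minimal request handler that applies each item in order: refuse plaintext transport, allow-list methods, check an API key in constant time, validate the one query parameter, authorize the user for the specific action, and count failures per client so a sustained attack shows up as a spike. The `Request` shape, the `X-API-Key` header name and the key table are all constructed assumptions.

```python
import hmac
import logging
import re
from collections import Counter
from dataclasses import dataclass

log = logging.getLogger("api")

# Constructed sample keys; a real service loads these from a secret store.
API_KEYS = {"key-alice-0123": "alice", "key-bob-4567": "bob"}
ALLOWED_METHODS = {"GET", "POST"}           # allow-list: anything else is rejected
ID_PATTERN = re.compile(r"[0-9]{1,10}")     # only shape accepted for the `id` parameter
failures = Counter()                        # failed requests per client IP

@dataclass
class Request:                              # assumed minimal request shape
    scheme: str
    method: str
    headers: dict
    params: dict
    client_ip: str

def _key_owner(presented):
    # Compare against every stored key with a constant-time comparison so timing
    # does not reveal how much of a guessed key matched.
    owner = None
    for key, user in API_KEYS.items():
        if hmac.compare_digest(key, presented or ""):
            owner = user
    return owner

def _reject(req, status, reason):
    failures[req.client_ip] += 1            # logged counts feed pattern analysis
    log.warning("rejected %s from %s: %s (failures=%d)",
                req.method, req.client_ip, reason, failures[req.client_ip])
    return status, reason

def handle(req):
    """Return (status, body); each check maps to one checklist item."""
    if req.scheme != "https":
        return _reject(req, 403, "plaintext transport refused")
    if req.method not in ALLOWED_METHODS:
        return _reject(req, 405, "method not allowed")
    user = _key_owner(req.headers.get("X-API-Key"))
    if user is None:
        return _reject(req, 401, "invalid or missing API key")
    item_id = req.params.get("id", "")
    if not ID_PATTERN.fullmatch(item_id):
        return _reject(req, 400, "invalid id parameter")
    if req.method == "POST" and user != "bob":   # per-user policy for a specific action
        return _reject(req, 403, "user not permitted to POST")
    return 200, f"{user} -> item {item_id}"
```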

How to minimize security debt from the start

  • Retrofitting security issues requires that you refactor not only code but also human behavior.
  • Take stock and build an inventory of all connected devices and applications within your network, locate where all data reside, and audit access to them.
  • Secure data travelling within as well as across networks.
  • Take special care to secure DevOps projects as they introduce considerable security risks.
  • Establish an access management policy that evolves as your organization grows.
  • Encrypt data (at rest and in motion), use multi-factor authentication, ensure redundancy, and segment data and systems.
  • Build a good incident recovery plan right from Day 1.

Full post here, 5 mins read

How to combat cloud software security threats

  • Deploy strong identity management and access management systems.
  • Understand in detail how security works with third-party apps & integrations. Make sure you know exactly what granting a third-party app access to anything means.
  • Ensure that your cloud vendor provides audit logs and check them regularly.
  • Check that your cloud software vendors are compliant with the widely accepted standards & regulations pertaining to your industry. Consider security assessments by third parties as well.
  • Look at how seriously your cloud & cloud software vendors take their bug bounty programs.

Full post here, 5 mins read