Bracing for the Next Big Cloud Revolution: Finding Value in "Up Stack" Cloud
The cloud revolution in enterprises has very clearly crossed the phase of
proof-of-concepts into a truly mainstream adoption. One of most popular
enterprise-wide initiatives currently going on are "cloud migration" programs
of some kind or another. Finding business value for these programs is not
hard to fathom - they include hyperelasticity in infrastructure consumption,
subscription based models, and agility derived from rapid speed of deployment
of applications. These factors will continue to drive cloud adoption into the
foreseeable future.
Beneath the surface, there is a far-reaching trend playing out with the
potential to create an impact far greater than cloud migration programs. For
want of better terminology, let's call this the "up stack" cloud revolution.
These are essentially "c... (more)
Java Web Services Tutorial: Improve App Communication and Flexibility
By Eugen Paraschiv
Web services have taken the development world by storm, especially in recent
years as they've become more and more widely adopted. There are naturally
many reasons for this, but first, let's understand what exactly a web service
is.
The World Wide Web Consortium (W3C) defines "web of services" as
"message-based design frequently found on the Web and in enterprise
software". Basically, a web service is a method of sending a message between
two devices through a network.
In practical terms, this translates to an application which outputs
communication in a standardized format for other client applications to
receive and act on.
Web services have been adopted so quickly because they bring several
important advantages:
Allow communication and interoperability between applications r... (more)
Download Slide Deck: ▸ Here
Download Slide Deck: ▸ Here
Security in a Cloud-First World Is Cloudy
Enterprises are moving to the cloud faster than most of us in security
expected. CIOs are going from 0 to 100 in cloud adoption and leaving security
teams in the dust. Once cloud is part of an enterprise stack, it's unclear
who has responsibility for the protection of applications, services, and
data.
When cloud breaches occur, whether active compromise or a publicly accessible
database, the blame must fall on both service providers and users.
Download Slide Deck: ▸ Here
In his session at 21st Cloud Expo, Ben Johnson, Co-Founder and CTO of
Obsidian Security, explored how both groups must do more to make cloud more
secure, from leveraging AI to improving APIs, to incorporating cloud into
current security programs.
Download Slide Deck: ▸ Here
Speaker Bio
Ben Johnson,... (more)
Developer Experience: The Key to a Successful API
By Caroline Ambros
User experience is the key to adoption. If no one understands how to use your
product, they won't buy it. This is equally true in the world of APIs.
Developers are more likely to adopt and stick with a platform or service that
they enjoy using. The key to the success of your API, then, is the Developer
Experience.
But what is Developer Experience?
Much like for products that target traditional consumers, the usability of
your API is key. Thus, the Developer Experience is the aggregate of all
experiences a developer has while interacting with your platform. At the
intersection of business, technology and UX, your platform's Developer
Experience could make or break your organization's growth in today's
incredibly competitive technological landscape.
"Good" Developer Experience is all about understandi... (more)
API Security is complex. Vendors like Forum Systems, IBM, CA and Axway have
invested almost two decades of engineering effort and significant capital in
building API Security stacks to lockdown APIs. The API Security stack diagram
shown below is a building block for rapidly locking down APIs. The four
fundamental pillars of API Security - SSL, Identity, Content Validation and
deployment architecture - are discussed in detail below.
Here are four fundamental steps that an enterprise can take to ensure that
their APIs attack surface area is significantly reduced. To implement API
Security:
Enable SSL: One can rapidly protect API traffic by enabling SSL and changing
http to https. This is a good first step in protecting the traffic from an
API consumer to an API producer, however, the following items should be
considered in tightening secure API communication: Check X... (more)
Horizontally Scaling Apps that Are Using Websocket Protocol
With Cloud Foundry you can easily deploy and use apps utilizing websocket
technology, but not everybody realizes that scaling them out is not that
trivial.
In his session at 21st Cloud Expo, Roman Swoszowski, CTO and VP, Cloud
Foundry Services, at Grape Up, will show you an example of how to deal with
this issue. He will demonstrate a cloud-native Spring Boot app running in
Cloud Foundry and communicating with clients over websocket protocol that can
be easily scaled horizontally and coordinate communication between multiple
instances by using an additional message broker.
Speaker Bio
Roman Swoszowski is CTO and VP, Cloud Foundry Services, at Grape Up. He is
responsible for developing the overall technology vision of the company with
a focus on Cloud Foundry and related cloud technologies. With over 10 year... (more)
API Security has finally made it into mainstream security consciousness. The
premiere web application security OWASP Top 10 Threats has published its
Release Candidate 1 (RC 1). SD Times provided a comprehensive overview on the
implications of including API Security as a part of OWASP Top 10 2017 - RC1.
Here's an excerpt for SD Times article:
The next major addition is Underprotected APIs, since the use of APIs has
exploded in modern software, said Williams. There are a variety of protocols
and data formats used by these APIs, including SOAP/XML, REST/JSON, RPC,
GWT, and others. It’s important to note that these APIs are often
unprotected, and they contain numerous vulnerabilities, said Williams. He
also added that these APIs represent a “major blind spot” for security
programs in organizations, and OWASP is helping to refocus teams on this
expanding problem.“To me,... (more)
API Security Lessons from Fisher-Price's Smart Toy Bear Security Flaw
By Ryan Pinkham
Earlier this week it was reported that researchers at Boston-based security
company, Rapid7, identified several security flaws in an app connected to a
new toy from Mattel's Fisher-Price brand.
The news of the security vulnerability caught our attention for a few
reasons:
The name of the toy - Smart Toy Bear - is strangely close to the name of our
company SmartBear Software. More importantly, the story caught our attention
because the security vulnerability brought up an important reminder about the
important issue of security in today's connected world.
Luckily, the vulnerability identified by Rapid7 has since been fixed.
But the security flaw - which could have allowed a hacker to steal a child's
name, birthdate and gender, along with other data - is just the latest
example of how ... (more)
The unprecedented explosion of modern technologies combined with a burgeoning
mobile space has forced enterprises to rethink previously held beliefs about
the static enterprise perimeter. Remember the olden days when you said your
enterprise was completely self-contained in one data center, with your apps
inside the firewall and with everyone nearly as confident about it as being
as secure as Ft. Knox? With an explosion in mobile computing, demand for
cheap or “free” usage of resources, and a sharp reduction in cost with
the cloud delivery model, it is expected (or rather demanded) that every
enterprise expose their APIs not only from their enterprise but from a cloud
based model. (NOTE: The cloud is referred to in a loosely defined
delivery model be it — public, private, community or hybrid variety).
Couple this inexorable progression for having a cloud based m... (more)
Cloud Expo® New York Early Bird Savings here!
More and more enterprises today are doing business by opening up their data
and applications through APIs. Though forward-thinking and strategic,
exposing APIs also increases the surface area for potential attack by
hackers. To benefit from APIs while staying secure, enterprises and security
architects need to continue to develop a deep understanding about API
security and how it differs from traditional web application security or
mobile application security.
In his session at 14th Cloud Expo, Sachin Agarwal, VP of Product Marketing
and Strategy at SOA Software, will walk you through the various aspects of
how an API could be potentially exploited. He will discuss the necessary best
practices to secure your data and enterprise applications while continue
continuing to support your business's digital initiatives.
In thi... (more)
API Security has finally entered our security zeitgeist. OWASP Top 10 2017 -
RC1 recognized API Security as a first class citizen by adding it as number
10, or A-10 on its list of web application vulnerabilities. We believe this
is just the start. The attack surface area offered by API is orders or
magnitude larger than any other attack surface area. Consider the fact the
APIs expose cloud services, internal databases, application and even legacy
mainframes over the internet. What could go wrong?
API Security has been added to OWASP Top 10 2017 - RC1. This is a
commendable step taken by the web application security thought leaders and is
a clear indication of where the industry is heading. Security professionals
have all the tools and awareness to fence in applications, databases and
legacy systems through firewalls.
OWASP has served the security professionals well... (more)