Doing security properly for application programming interfaces (APIs) is a process that goes well beyond security. It’s also about IT operational and architectural issues that drive security outcomes. To be successful, API security must be viewed as an end-to-end process covering the full software lifecycle. It starts with development but continues through runtime and end-of-life.
For those that haven't heard, Optus, the second-largest telecom company in Australia, exposed over 11.2 million customer records including names, physical and email addresses, birth dates and, for some, government-issued ID numbers such as driver's license or passport numbers. Yoikes. Optus hasn't provided many specific details so far but there's plenty to consider.
DevSecOps is a variant of DevOps that adds security to the software development workflow. Application programming interface (API) security needs to be part of DevSecOps. This article explores how DevSecOps works and the role that API security plays in making applications that result from DevSecOps as secure as possible.
During my 34-year career in federal law enforcement, I repeatedly saw the damage data theft caused to unsuspecting victims. Whether the result was an elderly retiree losing their life savings, a company losing its intellectual property, or the military losing technology that took years to research and billions of dollars to fund.