When protecting your online services, the weakest link is represented by the endpoints – that is, by the end-user devices running web or mobile applications or by external systems leveraging open APIs. As a matter of fact, there is a growing number of targeted attacks leveraging sophisticated techniques such as malicious web injections, mobile overlay and API abuse attacks to perform identity hijacking, account takeover, transaction tampering and payment frauds.

A modern API gateway like Kong enables organizations to achieve some use cases much more easily than traditional gateways. The reason is older, traditional gateways try to provide as many features as possible into a heavyweight monolith, while modern solutions use a best-in-breed approach. These traditional solutions not only try to be a gateway, but they also try to be a business intelligence system, a central logging hub, a monitoring tool and so much more.

Can you keep a secret? What will it take for me to trust you to keep and protect a secret that I share with you? If you are a friend or family member, I may not need more than you saying “Yes”, but if I don’t know you, I will likely want additional guarantees or proof that I can trust you. This is particularly true if you are an organization handling personal information about me.

Have you ever been neck-deep building a new feature? You're working at capacity. You need to test something out so you paste an API key into your source file with every intention of removing it later. But you forget. You push to GitHub. It's an easy mistake, and potentially a very expensive one. In this article, Julien Cretel explores the nuances of this kind of data leak, offers suggestions for recovery when leaks happen and gives us options for preventing them in the first place.

RELATED BLOG POSTS Unraveling the Complex Streaming Data Pipelines of Cybersecurity Best Practices Blog 5 Min Read Security is top of mind for every enterprise these days. There are so many threats they can hardly be counted, but one commonality exists: data is always the target. Unravel’s mission is to help organizations better understand and improve the performance of their data-based applications. We’re a data business, so we appreciate the scope and implications of these threats.

Tomcat servers are widely used application servers for today’s development architectures, popular for hosting Java based applications. Below is a guide on best security practices for security your Tomcat Server environment. Banner grabbing is the process of gaining information from computer systems including services, open ports, version, etc. When sending a server host request via telnet command, you pass along the server name, port, and version.

“In god we trust, all others must bring data,” a line attributed to the American statistician, W. Edwards Deming, highlights the importance of statistical measurement and analysis in verifying facts and confirming their viability. However, as the volume of data grows exponentially, this becomes far more difficult with each passing month. While the fake news epidemic may be most noticeable on social media platforms, businesses face a similar challenge internally.

Unsurprisingly, Modern data apps have become crucial across all areas of the financial industry, with apps for fraud detection, claims processing and compliance amongst others playing a business critical role. Unravel has been deployed by several of the world’s largest financial services organizations to ensure these critical apps perform reliably at all times.

At Kong, we leverage many tools to protect our services and customers. Terraform from HashiCorp allows us to automate the process with Infrastructure as Code (IaC). Another important tool is Amazon Web Services (AWS) GuardDuty, a continuous monitoring service for security threat detection in your AWS accounts.

In January, I’ll start a new game: ask a company to retrieve all the information they have about me in less than 45 days. One of the requirements of CCPA, is to be able to reply to a customer request to have access to all the data you have about them in less than 45 days. These are called the Verifiable Customer Requests. You may be able to complete 10, 20 replies. But what if you received 10 every day? What does it take to keep your customers happy and being compliant?