Runtime Governance for SOA and Cloud Computing

XML Gateway



XML Gateway Authors: Mamoon Yunus, Dirk Zwart, Rizwan Mallal, Mark O'Neill, Ron Schmelzer


API Security - SD Times Review of OWASP Top 10 - RC1

API Security has finally made it into mainstream security consciousness. The premier web application security list, the OWASP Top 10 Threats, has published its Release Candidate 1 (RC1). SD Times provided a comprehensive overview of the implications of including API Security as part of the OWASP Top 10 2017 - RC1. Here's an excerpt from the SD Times article:

The next major addition is Underprotected APIs, since the use of APIs has exploded in modern software, said Williams. There are a variety of protocols and data formats used by these APIs, including SOAP/XML, REST/JSON, RPC, GWT, and others. It’s important to note that these APIs are often unprotected, and they contain numerous vulnerabilities, said Williams. He also added that these APIs represent a “major blind spot” for security programs in organizations, and OWASP is helping to refocus teams on this expanding problem.
“To me, T10-2017 reflects the move towards modern, high-speed software development that we’ve seen explode across the industry since the last version of the T10 in 2013,” said Williams. “While many of the vulnerabilities remain the same, the addition of APIs and attack protection in this version is designed to focus organizations on the key issues for modern software.”
A snapshot of A10 - Unprotected APIs is presented below:



More Stories By Mamoon Yunus

Mamoon Yunus is an industry-honored CEO and visionary in Web Services-based technologies. As the founder of Forum Systems, he pioneered XML Security Gateways & Firewalls and was granted a patent for XML Gateway Appliances. He has spearheaded Forum's direction and strategy for eight generations of award-winning XML Security products. Prior to Forum Systems, Yunus was a Global Systems Engineer for webMethods (NASD: WEBM) where he developed XML-based business integration and architecture plans for Global 2000 companies such as GE, Pepsi, Siemens, and Mass Mutual. He has held various high-level executive positions at Informix (acquired by IBM) and Cambridge Technology Group.

He holds two Graduate Degrees in Engineering from MIT and a BSME from Georgia Institute of Technology. InfoWorld recognized Yunus as one of four "Up and coming CTOs to watch in 2004." He is a sought-after speaker at industry conferences such as RSA, Gartner, Web Services Edge, CSI, Network Interop, and Microsoft TechEd. Yunus has the distinction of showcasing Forum Systems' entrepreneurial leadership as a case study at the MIT Sloan School of Management. He has also been featured on CNBC as Terry Bradshaw's "Pick of the Week."