Tag Archive for: Developing

Developing Best Practices for API Security


APIs are pivotal to the overall success of a digital transformation. They allow developers to work across digital assets and multiple systems with ease. More organizations are adopting API initiatives and approaching digital transformations with an API-first attitude, according to a report from Google.

“Some 58% say top API initiatives emphasize speeding up new application development; 47% include creation of a developer platform among their core API projects; 32% are using APIs to develop B2B partner programs; and 10% are focused on monetizing APIs to unlock new revenue streams,” the report stated.

But with increased use of APIs come increased security risks, largely because developers struggle with API security for mobile use. One major reason is that too many developers don’t follow security best practices in the design and development phases.

Two Levels of API Security

To create best practices for API security, developers need a better understanding of where the organization’s specific security pain points are. Sam Rehman, chief information security officer, EPAM Systems, said in an email interview that there are two specific areas to consider when thinking about and developing an API security best practices list: the strategic/design level and the tactical level.

“From a strategic/design level, APIs prioritize access and reusability,” Rehman explained. “It allows others to take advantage of what has already been built without reinventing the wheel. Then, they can build on top of what has already been tested, scaled out and, hopefully, properly managed.”

API designers want to create flexibility to enable API use for various purposes, so they focus on providing as many features and access points to the core functionality as possible. The design of the API also has to take into consideration the constant changes and upgrades necessary to deliver new features.

“Although this flexibility benefits many, it also creates an opportunity for attackers to exploit the system by using factors like multiple entry points and the large attack surface, for example. At the strategic and design level, flexibility and opportunities for attack act as opposing…


Developing countries sign Huawei deals despite US espionage warnings


US warnings of espionage by Huawei are failing to dissuade governments in Africa, Asia and Latin America from hiring the Chinese tech group for cloud infrastructure and e-government services, a study has found.

The report by the Washington-based think-tank CSIS seen by the Financial Times identified 70 deals in 41 countries between Huawei and governments or state-owned enterprises for these services from 2006 to April this year.

Cloud infrastructure usually refers to the installation of data centres, while e-government mainly involves automating administrative functions such as licensing, healthcare, legal records and other government processes.

“Huawei’s cloud infrastructure and e-government services are handling sensitive data on citizens’ health, taxes, and legal records,” according to the study.

“As Huawei carves out a niche as a provider to governments and state-owned enterprises, it is building a strategic position that could provide Chinese authorities with valuable intelligence and even coercive leverage,” added the study.

Most of the countries involved in such deals with Huawei were in sub-Saharan Africa, Asia and Latin America, and 77 per cent of them fell into the categories of “not free” or “partly free”, as rated by Freedom House, a US government-funded democracy watchdog group.

“With a surge in deals announced since 2018, including several announcements during 2020, it is clear that warnings against Huawei’s security risks are not persuading decision makers in developing countries,” the CSIS report, authored by Jonathan Hillman and Maesea McCalpin, said.

“As a cloud infrastructure and service provider, Huawei doesn’t own or control any customer data,” Huawei said in a statement.

“All customer data is owned and fully controlled by our customers.”

“Cyber security and user privacy protection remain Huawei’s top priorities,” the company added. 

The US has repeatedly accused Huawei of spying for the Chinese government, sometimes by exploiting telecoms “back doors” in its equipment. Washington has also placed Huawei and many of its affiliates on an “entity list”, restricting the sale of critical technologies such…


Air Force ISR team developing cyber warfare flight plan – Inside Defense


Lt. Gen. VeraLinn Jamieson, the Air Force’s top intelligence officer, is working on a cyber warfare flight plan to help execute the service’s vision for multidomain …


Computer Weekly feature: Developing innovative security analytics approaches in the digital age – Security Boulevard


PCI Pal has recently featured on the Computer Weekly magazine website. With security threats growing in scale and complexity, security analytics provide a …
