The cloud is the computer, web application security fundamentals

Elvis and the application have left the building. The first part of that slightly bizarre alert simply tells you that it’s time to go home and leave the theatre; now is not the moment to hang around for encores or curtain calls.

The second part of that warning is meant to remind us that many of our enterprise software assets now exist as some part of the wider web that forms the internet itself. But this core truism has implications.

The rise of web applications and the Application Programming Interfaces (APIs) that bond many of their synaptic connections enables us to attain previously unimaginable levels of flexibility and operational agility. But flexibility usually has a cost or some form of trade-off; there are vulnerabilities out there that we need to think about.

The API superhighway is in fact super-busy; API calls represent 83 percent of web traffic, according to an October 2018 Akamai traffic review… and the figure may be closer to 85 or 90 percent now. Content delivery network specialist Akamai says that the majority of API traffic is for custom-built applications, which are the result of digital services and cloud-based application deployment.