Got password amnesia? Or worse, worried about your users having it? That can lead to security breaches as people often remember their passwords by using the same password for everything, writing it down on a sticky note by the computer screen, or even keeping an insecure file with a bunch of them. Confident Technologies has the answer–and the Confident Image Based Authentication API to go with it.
Need to make sure your cloud is up and running? If you like pretty charts of that uptime, Nimsoft has got you covered. The company also has a not quite as pretty Nimsoft Cloud Monitor API that allows developers to integrate the tools for monitoring cloud performance into their applications.
Cloud API Security was the topic for a panel discussion at the Infosec conference in London on April 26th. After a brief introduction of what APIs are, how companies are becoming platforms, and what security implications this has, the discussion mostly focused on how to secure mobile apps and how to keep security tokens protected.
The Cloud Security Alliance Summit brought together a panel of security experts on February 27 in San Francisco to examine the threats posed by API and cloud-based computing. But rather than providing guidance on how to mitigate security risks they focused instead on the uncertain nature of security in an environment that is increasingly dominated by applications that use APIs to transfer data across the cloud.
When programming a web application, security is often a prime concern. If you’ve read my previous articles, you’ve often seen me comment on how secure an API is, as many of them are pretty secure, but many of them are not. When working on a cool application, often security is something you don’t really want to spend that much time thinking about, which is why Layer 7 recently released an OAuth toolkit.
Bitcoin, the anonymous, peer-to-peer virtual currency, has been getting a lot of press lately. From the severe inflation to the hacks and the big heist, not all of it has been good. However, it’s certainly an interesting system, and there are a few good trading services such as Mt.Gox and Tradehill aimed at making Bitcoin more available and more usable for the average person. Today we’ll take a look at the Mt.Gox API and Tradehill API.
If you run a website, like many of our readers, and you have an account system, you probably have problems with spam. One of the main sources of spam is users who register using disposable e-mail addresses. These can be generated by spammers programmatically, using services like the Guerilla Mail API I covered previously, and used to make tons of accounts to try to get blog spam through. If this is a problem for you, the DEA Filter API can help.
With an announcement of new permissions levels, Twitter is requiring apps that need access to direct messages to re-authorize their users. For mobile apps, this could mean rewriting to use OAuth for the first time. When the developer community balked at a shorter timeline, Twitter extended the deadline to June 30 (originally June 14). Though most developers will not need to make changes to their applications, those that do will have to do so in only 43 days (originally 27).
Authentication vulnerabilities are at the center of security issues faced by two of the web’s biggest companies this week. A German security firm showed that Google’s Android platform sends some authentication tokens as plain text. Similarly, Facebook is requiring many developers to update their apps to fix a problem with “leaking auth tokens” due to iframe authentication.