API News, Articles and Updates

Bouncy Castle let down by inadequate protection of BKS-V1 keystore files

The BKS version 1 keystore files for Bouncy Castle, a collection of cryptographic APIs for C# and Java applications, reportedly contain a weak hash-based message authentication code (HMAC) that can easily be cracked by hackers.

The API vulnerabilities lurking in your architecture

As a security topic in its own right, API security and API vulnerabilities are still relatively unknown to most organisations and even many security professionals.

T-Mobile API bug may have leaked customer account data

A bug in T-Mobile's wsg.t-mobile.com API may have allowed attackers to access customer data that can be used to carry out phishing attacks or worse.

Microservices - specific security issues and how to address them

Owen Garrett discusses microservices and how it poses its own security risks then delves into options as to how we can mitigate them.

Why the UK leads the way in API security

Dense population and its role as a transportation hub has pushed the UK to ensure good security for APIs exposed in use, integrating borders and government agencies, says Jason Macy.

Five threats to watch out for in 2014

Leading pen tester reveals his main security concerns for the next 12 months

Keeping up with the bad guys

Malware writing has undergone many changes over the years - from hobbyists to a criminal business - with mobile and social now the hot targets, Rob Buckley reports.

Top 5 most common security development errors

Keeping it simple and ensuring the basics are properly covered is likely to result in the biggest improvement in software security, says Cigital's Paco Hope.