
WSO2 API Manager: Leading the Way in API Management and Security

API management and API security are like two sides of a coin, intrinsically part of a greater whole. That is why the recent KuppingerCole report, “Leadership Compass: API Security and Management,” is particularly useful for organizations seeking to develop or update their API strategies. With the report’s comprehensive view of both API management and security, it offers an invaluable resource for understanding their interplay.

Adopt a Zero Trust Approach with OAuth 2.0 Mutual TLS Client Authentication

In the modern IT stack, API gateways act as the first line of defense against attacks on backend services by enforcing authentication/authorization policies and validating and transforming requests. When backend services are protected with a token-based approach, client applications must obtain an access token to access the protected resource.

Changing expectations: How DevSecOps and codeless automated software testing can help public sector agencies deliver on their missions

It’s no secret that the expectations for public sector digital services have changed significantly over the past few years; services need to be rolled out fast to ensure usable and secure software that can help agencies deliver on their mission. These expectations can be met by combining DevSecOps with codeless automated software testing.

Continual is SOC 2 compliant

Continual is proud to announce that we are now SOC 2 Type 1 compliant and SOC 2 Type 2 in progress. This certification demonstrates our core commitment to your data security and privacy. We expect to make additional announcements around our security certification efforts over the coming months. Beyond third-party attestations, Continual is built from the ground up for data security, privacy, and governance at enterprise scale.

How to load test OpenID/OAUTH

Performance testing scripts need to go through authentication in order to access target services with the right authorization. They also need to validate that the authentication servers are able to handle the target load. OpenID Connect (OIDC) has become a popular authentication and authorization protocol for securing web applications. This article will present the OIDC protocol and how to implement a JMeter script to performance test it.

API Security Risks and How to Mitigate Them

Today, more organizations than ever before rely on web and mobile applications and partner integrations to help them automate and scale, making APIs essential to today’s software ecosystem. But because APIs are gateways to sensitive data, this also makes them an attractive target for hackers who are constantly evolving their strategies to access private information.

What Role Does Microsegmentation Play in Zero Trust Security?

With digital transformation shifting networks into the cloud — from remote workforces to online banking — cyberattacks are growing more prevalent and sophisticated. Legacy security models like VPNs and perimeter-based firewalls are proving inadequate in addressing modern threats because perimeters are becoming harder to define.

2 reasons why you shouldn't forget about security coding

What is Appdome? How does it work? Is Appdome like a firewall for mobile applications? In this week’s episode of the Test Case Scenario, Appdome’s Senior Product Manager Kurt Dusek joins our panelists. They discuss the many incredible features of this cyber defense automation platform, how it detects and fights against cybersecurity threats, and more.