Author Archives: jmacy

How to Detect and Stop URL Parameter Tampering

In this series on the Top 10 API threats and How to Prevent Them, Forum Systems shares security insights compiled over many years of delivering secure and reliable solutions for web services and API modernization initiatives. #2 How to Detect and Stop URL Parameter …

How to Prevent SSL Vulnerabilities Using Powerful API Security

In this series on the Top 10 API threats and How to Prevent Them, Forum Systems shares security insights compiled over many years of delivering secure and reliable solutions for web services and API modernization initiatives. …

Cloud(ed) Judgment: OneLogin’s Breach Continues to Fuel the Security Debate

When it comes to the next big data breach, it's never a matter of if, but of when. This time, the target was identity and access management firm OneLogin, which recently shut down its U.S. data center due …

The President’s New EO Gets the Gist of NIST

President Trump introduced his long-awaited Cybersecurity Executive Order last month. While some focused on its similarities to EO 13636, issued by the Obama administration more than four years earlier, we were more interested in, and quite frankly excited by, the …

Trust, but Verify: The Missing Link in IAM

Identity and Access Management (IAM) is well-entrenched in enterprise and government infrastructures. However, in our API-driven world, merely establishing a "trusted user" (e.g., a device or a person) and granting them access to information provides an incomplete security …

PSD2: An Open Concept in Banking Mandating the Use of APIs

A revolution is occurring in European banking, and APIs are leading the way. Adopted in 2007, the Payment Services Directive (PSD) "provides the legal foundation for an EU single market for payments, to establish safer and more innovative payment services …

(Cloud)Flare Up: What you Need to Know about Ticketbleed

As you've likely seen, last month Cloudflare engineer and crypto expert Filippo Valsorda disclosed a software bug in F5 BIG-IP appliances. Named "Ticketbleed" because, like the famed Heartbleed, it leaks server memory (here, through the session ID the server echoes back during TLS session ticket resumption, which is padded to 32 bytes with uninitialized memory when the client sent a shorter one), the vulnerability is in the transport layer security …
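The practical check for Ticketbleed is a length comparison: the client offers a session ticket together with a deliberately short (here one-byte) session ID, and a vulnerable server echoes back a 32-byte session ID whose tail is memory it should never have sent. The following is an added example written for this page, not Forum Systems' or F5's code; it parses a TLS 1.2 ServerHello record and flags that mismatch. The ServerHello records it runs against are constructed fixtures built by `build_server_hello`, not captured traffic, and the `\xaa` filler stands in for leaked memory.

```python
"""Ticketbleed check: does the ServerHello echo more session_id bytes than we sent?"""
import struct

TLS_HANDSHAKE = 0x16   # TLS record content type for handshake messages
SERVER_HELLO = 0x02    # handshake message type


def build_server_hello(session_id: bytes, server_random: bytes = b"\x11" * 32) -> bytes:
    """Construct a minimal TLS 1.2 ServerHello record (test fixture, not real traffic)."""
    body = (
        b"\x03\x03"                              # server_version: TLS 1.2
        + server_random                          # 32-byte server random
        + bytes([len(session_id)]) + session_id  # session_id with 1-byte length prefix
        + b"\xc0\x2f"                            # cipher suite: ECDHE-RSA-AES128-GCM-SHA256
        + b"\x00"                                # compression method: null
        + b"\x00\x00"                            # extensions length: none
    )
    handshake = bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE]) + b"\x03\x03" + struct.pack("!H", len(handshake)) + handshake


def parse_server_hello_session_id(record: bytes) -> bytes:
    """Extract the session_id from a ServerHello record, bounds-checking every length field."""
    if len(record) < 5 or record[0] != TLS_HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != SERVER_HELLO:
        raise ValueError("not a ServerHello message")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) < 2 + 32 + 1:           # version + random + session_id length byte
        raise ValueError("ServerHello body truncated")
    sid_len = body[34]
    sid = body[35:35 + sid_len]
    if len(sid) != sid_len:
        raise ValueError("session_id truncated")
    return sid


def ticketbleed_suspected(sent_session_id: bytes, server_hello: bytes) -> bool:
    """True when the server echoes our session_id followed by extra bytes.

    A healthy server either echoes exactly what we sent (resumption) or returns a
    fresh, unrelated session_id (full handshake). Our bytes followed by padding up
    to 32 is the Ticketbleed signature: the tail is uninitialized server memory.
    """
    echoed = parse_server_hello_session_id(server_hello)
    return len(echoed) > len(sent_session_id) and echoed.startswith(sent_session_id)


if __name__ == "__main__":
    sent = b"\x01"                                   # the deliberately short session_id we offered
    healthy = build_server_hello(sent)               # server echoes exactly one byte
    leaky = build_server_hello(sent + b"\xaa" * 31)  # server pads to 32 bytes with "leaked" memory
    print("healthy server flagged:", ticketbleed_suspected(sent, healthy))
    print("vulnerable server flagged:", ticketbleed_suspected(sent, leaky))
```

Against a live target you would capture the ServerHello from a resumption attempt that carried a ticket and the short session ID, then confirm the handshake actually resumed (no Certificate message follows) before treating a match as a positive; with a one-byte session ID a fresh, non-resumed session ID collides with the prefix check roughly once in 256 handshakes, so repeat the probe a few times.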

The (In)Security of IoT

In October, one of the signature security events in the history of the internet occurred. Dyn, the well-known cloud-based internet performance management company, suffered a massive DDoS attack on its managed DNS infrastructure. The impact was widespread. …

How to Build a Secure OAuth Solution in Less Than 5 Minutes

In our last post, Protecting Against OAuth Hacks, our CTO, Jason Macy, discussed the latest reported OAuth 2.0 hack, "One OAuth 2.0 hack, 1 Billion Android App Accounts potentially exposed". In the post, we discussed how the Forum Sentry API …

Protecting Against OAuth Hacks

In the latest reported OAuth 2.0 hack, "One OAuth 2.0 hack, 1 Billion Android App Accounts potentially exposed", it has been discovered that "…A remote simple hack devised by a group of security researchers threatens an amazing number of …