Posts

Showing posts from 2020

API Security Testing Checklist

 API should be checked for the following from a Security perspective: 1. Denial of Service Attack https://owasp.org/www-community/attacks/Denial_of_Service 2. OWASP A6- Security Misconfiguration https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html  2. IP Access Control https://owasp-top-10-proactive-controls-2018.readthedocs.io/en/latest/c7-enforce-access-controls.html 3. MITRE CWE 250 Unnecessary Privileges - Basic Authentication 4. Ensure no direct access to database. 5. Access token authentication - e.g. OAuth* 2 with JWT for user authentication and authorization.  5. API Key Generation & Validation - API providers should expose secure methods to provide authorization code or access tokens on demand.

Making Digital Business a Reality

  I presented a successful case study on Digital Business at The Open Group Summit April 2020. The video is at  https://www.youtube.com/watch?v=G0QcC2qvnG0  

Five tips to dramatically accelerate app development

An article I authored is published here https://www.capgemini.com/2020/04/five-tips-to-dramatically-accelerate-app-development/