Leveraging open banking specifications for rigorous API security – What’s in it for you?

•

2 gefällt mir•431 views

Presented at APIdays Paris. API security is the principal concern when it comes to establishing a trusted API ecosystem. Rightly so, because opening up business systems through APIs by definition expands the attack surface that can be exploited. Although many threat vectors and vulnerabilities are well known, we have to remain on the lookout for new threats continuously. On the positive side, open standards that help defend against security threats are constantly being created and refined. What is even more helpful are the specifications that aggregate relevant standards into a comprehensive API security profile. Excellent examples of these are the current specifications that support open banking initiatives like UK Open Banking and PSD2. Could these specifications not have a wider applicability? In other words, would we be able to benefit from the security guidelines captured in these specifications in other verticals like logistics, retail, energy, healthcare and government, too? In this talk, we will compare security guidelines covered in the specifications and see to what extent they may benefit the wider enterprise API developer community.

Software

3© 2018 Rogue Wave Software, Inc. All Rights Reserved.
Ada Lovelace
“The Analytical Engine
has no pretensions
whatever to originate
anything. It can do
whatever we know how
to order it to perform.”
Richard Taylor's Scientific Memoirs, 1843

4© 2018 Rogue Wave Software, Inc. All Rights Reserved.
Welcome?

5© 2018 Rogue Wave Software, Inc. All Rights Reserved.
Protecting our resources in the real
world

6© 2018 Rogue Wave Software, Inc. All Rights Reserved.
Protecting our resources in the digital
world

7© 2018 Rogue Wave Software, Inc. All Rights Reserved.
API Specifications
Leveraging some good work already done
Source: https://kottke.org/18/04/ikea-style-instructions-for-programming-algorithms

8© 2018 Rogue Wave Software, Inc. All Rights Reserved.
Open Banking / PSD2 specs
• Sensitive data
• Regulation
• Careful, diligent work with many stakeholders
• Applied to production systems
Why these?

9© 2018 Rogue Wave Software, Inc. All Rights Reserved.
Initiatives / Resources

10© 2018 Rogue Wave Software, Inc. All Rights Reserved.
Common ground
‘Layered’ approach to API security:
Transport layer
Client authentication
and authorization
Content security

11© 2018 Rogue Wave Software, Inc. All Rights Reserved.
Summary comparison
Client authentication
and authorization
OAuth2.0
(OpenID Connect)
OAuth2.0
(Optional)
OAuth2.0
(OpenID Connect)
Content security JSON Web Tokens
(JWS)
“Signed HTTP
Messages”
“Signed HTTP
Messages”
Transport layer Mutual TLS Mutual TLS
(using eIDAS certificates)
Mutual TLS
(using eIDAS certificates)
Open Banking Berlin Group STET

12© 2018 Rogue Wave Software, Inc. All Rights Reserved.
In summary…
Ensure that each request is coming from a trusted source
MTLS
Ensures client
authenticity
OAuth
Ensures client
authorization
JWT
Ensures
message
integrity,
confidentiality,
and non-
repudiation

13© 2018 Rogue Wave Software, Inc. All Rights Reserved.
How does it all work together?
Authorization Server
Identity Provider
Backend systems
Client
mTLS
JWT
1
2
3

14© 2018 Rogue Wave Software, Inc. All Rights Reserved.
Additional things to consider
• MFA (SCA)
User authentication: can we trust the user to be who s(he) is?
• Injection
• Cross-site scripting
• Request overload
• …
Can we trust the user’s intentions?

15© 2018 Rogue Wave Software, Inc. All Rights Reserved.
Conclusion
API security: There’s quite a lot to it
…but there’s useful specifications to help you out.
Implementing security standards is far
from trivial
…don’t do it yourself
…excellent tools in the market to help you

16© 2018 Rogue Wave Software, Inc. All Rights Reserved.

Weitere ähnliche Inhalte

Was ist angesagt?

Authlete FAPI Implementation Part 1 #fapisum - Japan/UK Open Banking and APIs...

FinTechLabs.io

DevDay: Cerberus A Corda DLT Monitorin and Alerting System, CryptoBLK

Enable Salesforce Security by extending data privacy compliance controls to the cloud with the CipherCloud solution for Salesforce: -Discover what your users are doing in the cloud and prevent data loss with detailed and precise visibility over all activity in Salesforce. -Protect your cloud data with strong encryption (FIPS 140-2 validated), tokenization, and malware protection to ensure that no unauthorized users can access sensitive information. -Monitor cloud usage with complete visibility over user activity and alerting on user behavior anomalies

CipherCloud for Salesforce - Solution Overview

CipherCloud

OpenID Foundation Research & Education Working Group Update - October 22, 2018

OpenIDFoundation

Technology has added proficiency and top-notch amenities to day-by-day life. These comforts incorporate the new digital attributes computer experts have figured out how to apply in various industries such as information security. The digital notion of these new norms of currencies adds a few advantages that appeal to its users and have prompted their expanding notoriety. While anyone can quickly get involved with the energy and possibly rewarding nature of cryptocurrencies, it’s essential to understand how they impact the information security industry and how cryptocurrency security can be achieved.

How might cryptocurrencies impact

OliviaJune1

CipherCloud Technology Overview: Tokenization

CipherCloud

Security and Trust for Digital Transactions : Dictao presentation during the ...

Dictao

How the hospitality industry take the benefits of blockchain technology

Blockchain Council

DevDay: Mike Hearn Keynote, R3

As APIs continue to drive digital transformation efforts in the enterprise and support innovative customer experiences, securing them has never been more important. Principal Regional Solution Architect, Philippe Dubuc introduces how to leverage OpenID Connect, OAuth2 and new emerging standards to protect APIs at API Days Paris on 11 December, 2018. In addition, Philippe goes over how the Intelligent Ping Identity Platform can be used to protect APIs in a pro-active way and how AI can help to protect against attacks. Learn more: http://ow.ly/2Ojm30n1rCT

Standard Based API Security, Access Control and AI Based Attack - API Days Pa...

Ping Identity

Blockchain's Third Wave: Tokenization, Payments, and Atomic Settlement

Reconnex is the leader in information monitoring and protection appliances designed for any organization, including enterprises, government agencies or education institutions that want to protect their brands, maintain compliance, or protect sensitive information. A privately-held company based in Silicon Valley, Calif., Reconnex protects information for companies such as Cadence, WebEx Communications, The George Washington University, SIRVA and Maimonides Medical Center.

Reconnex

gigamon

In this webcast, KuppingerCole´s Principal Analyst Martin Kuppinger will introduce the concept of Identity Management for the Internet of Things. Following Martin's opening talk, ForgeRock´s Gerhard Zehethofer will discuss how ForgeRock is now extending these capabilities into the areas of managed and unmanaged devices, enhancing the customer experience as well as security and privacy at scale for people, services, and things.

Digital Identities in the Internet of Things - Securely Manage Devices at Scale

ForgeRock

Let’s be frank. Your identity platform is only as good as its foundation. “Identity done right” gets done wrong without a rock-solid directory to store and access all that identity data. While certainly not a sexy topic… directory is your plumbing making it a critical aspect regardless of its appeal. Good news for you however, either way you look at it our Directory Services, built from the OpenDJ project, is the gold standard: decades of telco experience led us to develop a high-performance, web-scale directory, delivering throughput in the tens-of-thousands of logins per second. We’re not s*itting you when we say we’ve got a lot of experience where the Sun don’t shine! Webinar Highlights: - Intro to the ForgeRock Identity Platform - New features available in the release - What does performance, scalability, and high availability to manage data for hundreds of millions of users, devices, and things look like? Learn more about ForgeRock Access Management: https://www.forgerock.com/platform/access-management/ Learn more about ForgeRock Identity Management: https://www.forgerock.com/platform/identity-management/

Directory Services with the ForgeRock Identity Platform - So What’s New?

ForgeRock

Blockchains have attracted overwhelming global interest within the governments and businesses, with applications in key industries, such as finance, insurance, logistics, energy and transportation. The blockchain technology is foreseen as a key component of future smart cities and companies by enhancing the security, data management and process automation. However, there is still a number of challenges on multiple stages that need to be solved prior to substantial adoption of blockchain technology in the enterprise, starting from scalability and manageability of blockchain networks up to integration, privacy and compliance issues. These and other challenges are discussed in the talk, together with existing and future approaches to solve them.

Challenges of Blockchain Technology for the Enterprise

Eugene Aseev

OAuth and OpenID Connect for PSD2 and Third-Party Access

Nordic APIs

You still need to protect employees in the digital age, but the real opportunity for digital transformation lies in using identity not just to protect employees, but to get to know, interact with, and connect to prospects and customers across any channel–whether cloud, social, mobile, or the Internet of Things (IoT). Customer Identity Management requires going above and beyond a secure login. From a security perspective, you need continuous security that follows the user throughout their entire session. And as customers share data, from demographics to preferences to buying habits, you can use it to create authentic, engaging customer experiences that lead to lasting customer relationships. Better yet, you can earn customer trust while meeting privacy regulations like GDPR, by giving customers control over who has access to their data and for how long.

Identity Live Sydney 2017 - Daniel Raskin

ForgeRock

Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...

ForgeRock

Presenter: Loren Russon, Ping Identity VP of Products Management and Design. Managing digital identities and access control for users, applications and things remains one of the greatest challenges facing cloud computing today. This has led to a new cloud security service paradigm that requires your organization to reevaluate the criteria for designing and implementing identity and access management (IAM) services across data centers, and private and public cloud infrastructure. This new criteria addresses the continued transformation to the cloud, mobile and internet of things (IoT), and the increased demand for open business balanced by user data security found in initiatives such as GDPR, Open Banking and PSD2. In this session, you will learn about key requirements and design principles required for modern IAM systems, and how to effectively drive digital transformation, address user data security regulations and ensure you successfully manage your company’s transformation to the cloud.

Criteria for Effective Modern IAM Strategies (Gartner IAM 2018)

Ping Identity

MITRE ATT&CKcon 2.0: ATT&CK Updates - ICS; Otis Alexander, MITRE

MITRE - ATT&CKcon

Was ist angesagt? (20)

Authlete FAPI Implementation Part 1 #fapisum - Japan/UK Open Banking and APIs...

DevDay: Cerberus A Corda DLT Monitorin and Alerting System, CryptoBLK

CipherCloud for Salesforce - Solution Overview

OpenID Foundation Research & Education Working Group Update - October 22, 2018

How might cryptocurrencies impact

CipherCloud Technology Overview: Tokenization

Security and Trust for Digital Transactions : Dictao presentation during the ...

How the hospitality industry take the benefits of blockchain technology

DevDay: Mike Hearn Keynote, R3

Standard Based API Security, Access Control and AI Based Attack - API Days Pa...

Blockchain's Third Wave: Tokenization, Payments, and Atomic Settlement

Reconnex

Digital Identities in the Internet of Things - Securely Manage Devices at Scale

Directory Services with the ForgeRock Identity Platform - So What’s New?

Challenges of Blockchain Technology for the Enterprise

OAuth and OpenID Connect for PSD2 and Third-Party Access

Identity Live Sydney 2017 - Daniel Raskin

Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...

Criteria for Effective Modern IAM Strategies (Gartner IAM 2018)

MITRE ATT&CKcon 2.0: ATT&CK Updates - ICS; Otis Alexander, MITRE

Ähnlich wie Leveraging open banking specifications for rigorous API security – What’s in it for you?

Adding layers of security to an API in real-time

Rogue Wave Software

Spellpoint - Securing Access for Microservices

Ubisecure

apidays LIVE Singapore 2021 - Digitisation, Connected Services and Embedded Finance April 21 & 22, 2021 Novel approaches in API security Dr Tal Steinherz, CTO at Syber.ai ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

apidays LIVE Singapore 2021 - Novel approaches in API security by Dr Tal Stei...

apidays

2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...

APIsecure_ Official

Why Assertion-based Access Token is preferred to Handle-based one?

Hitachi, Ltd. OSS Solution Center.

Mobile security part 2

Romansh Yadav

apidays LIVE Hong Kong 2021 - Digital Identity Centric Approach to Accelerate...

apidays

apidays LIVE Hong Kong 2021 - Digital Identity Centric Approach to Accelerate...

apidays

PSD2-driven Open Banking is here, and with it comes challenges in understanding what it means, choosing which standards organizations to follow, which practices are right for you, and whether to aim for regulatory compliance only or use the regulation as an opportunity to differentiate and transform. From a strategic and technical point of view, compliance dictates that now is the time to chart a precise implementation for your organization – do you know where to begin?

PSD2 & Open Banking: How to go from standards to implementation and compliance

Rogue Wave Software

This presentation was given at the Auckland API and Microservices MeetUp, 2016-MAR-03. The connected world is increasingly reaching from the virtual domain into the physical, through the rapid evolution of connected devices. What are the behavior and business patterns that are shaping this convergence? Where are the sources of innovation, what forces are shaping investments and value creation? What is the role of the enterprise? We explore the landscape with an eye for technology gaps and business opportunity.

2016-Mar-03 Leppitsch in Auckland meetup

Michael Leppitsch

Lightweight Zero-trust Network Implementation and Transition with Keycloak an...

Hitachi, Ltd. OSS Solution Center.

KubeConRecap_nakamura.pdf

Hitachi, Ltd. OSS Solution Center.

APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...

apidays

AWS Security Week: Lacework - Automating Cloud Security at Scale

Amazon Web Services

In this session, learn how AWS thinks about threat detection and remediation. We summarize the challenges of traditional threat detection efforts and explain how AWS helps address these challenges. We also provide an overview of key AWS services that detect and remediate threats to AWS. Finally, Terren Peterson, the VP of Software Engineering at Capital One, shares how his organization detects and remediates threats using Amazon GuardDuty and other AWS services.

Threat Detection and Mitigation at Scale on AWS

Amazon Web Services

1400 ping madsen-nordicapis-connect-01

Nordic APIs

Threat Detection and Mitigation at Scale on AWS - SID301 - Atlanta AWS Summit

Amazon Web Services

Serverless computing is a paradigm shift in software development, enabling increased innovation, agility, and cost savings. As a developer, how do you build enterprise-grade security measures into your serverless application to protect your data and meet compliance requirements? In this workshop, participants get hands-on experience applying security best practices to improve the security posture of a basic serverless application. We examine coding best practices for security as well as many of the security features and services provided by the AWS platform, including Amazon Cognito, AWS WAF, Amazon API Gateway input validation, API Gateway usage plans, AWS Secrets Manager, AWS X-Ray, and more.

Securing Serverless Applications and AWS Lambda (SRV314-R1) - AWS re:Invent 2018

Amazon Web Services

In this webinar from November 2015, John Barco (VP of Product Management) and Tim Sedlack (Sr. Product Manager) take you on a journey: A long time ago in a technology sector far, far away, organizations were promised a unified platform for centralizing identity and integrating it into resources everywhere. But this promise was never realized. Instead, organizations were forced down a dark path to implement a piecemeal identity infrastructure that was painful, with massive integration costs. Finally, the wait is over. In this webinar, we will provide an overview of ForgeRock's unified platform and highlight all the common services provided across the end-to-end solution to make your life easier. Learn more about ForgeRock Access Management: https://www.forgerock.com/platform/access-management/ Learn more about ForgeRock Identity Management: https://www.forgerock.com/platform/identity-management/

Webinar: Identity Wars: The Unified Platform Awakens

ForgeRock

Technology has grown at an unprecedented rate in recent years. We now are tasked to create applications that will provide us with the flexibility to adapt to this unparalleled growth. We will look at the state of SSO including applicable standards, such as SAML, OpenId Connect, to gain an understanding of the bigger picture and examine how this new technology can be leveraged to help serve our customers.

Identity Management: Using OIDC to Empower the Next-Generation Apps

Tom Freestone

Ähnlich wie Leveraging open banking specifications for rigorous API security – What’s in it for you? (20)

Adding layers of security to an API in real-time

Spellpoint - Securing Access for Microservices

apidays LIVE Singapore 2021 - Novel approaches in API security by Dr Tal Stei...

2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...

Why Assertion-based Access Token is preferred to Handle-based one?

Mobile security part 2

apidays LIVE Hong Kong 2021 - Digital Identity Centric Approach to Accelerate...

PSD2 & Open Banking: How to go from standards to implementation and compliance

2016-Mar-03 Leppitsch in Auckland meetup

Lightweight Zero-trust Network Implementation and Transition with Keycloak an...

KubeConRecap_nakamura.pdf

APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...

AWS Security Week: Lacework - Automating Cloud Security at Scale

Threat Detection and Mitigation at Scale on AWS

1400 ping madsen-nordicapis-connect-01

Threat Detection and Mitigation at Scale on AWS - SID301 - Atlanta AWS Summit

Securing Serverless Applications and AWS Lambda (SRV314-R1) - AWS re:Invent 2018

Webinar: Identity Wars: The Unified Platform Awakens

Identity Management: Using OIDC to Empower the Next-Generation Apps

Mehr von Rogue Wave Software

Open Banking is being driven by regulation in Europe, however, it is ultimately about expanding consumer choice in financial services. Open Banking provides opportunities for financial services and FinTech companies as well as consumers. In this webinar, we’ll examine the influence of Open Banking across the globe and the key differences between regulation-led and market-led initiatives. We’ll also explore essential security standards in Open Banking and how they contribute to a secure Open Banking API interface.

The Global Influence of Open Banking, API Security, and an Open Data Perspective

Rogue Wave Software

No liftoff, touchdown, or heartbeat shall miss because of a software failure

Rogue Wave Software

In today’s economy, companies of all kinds are looking to disrupt their own and other industries across everything from banking through logistics and retail. Disruption and innovation are typically built on the back of a digital transformation strategy; disrupting a market is all about finding new ways of servicing customers through innovative channels or approaches. APIs have become the foundation of disruption, innovation, and digital transformation. This presentation will help you understand the necessary components of a well-constructed API strategy, with particular attention paid to security.

Disrupt or be disrupted – Using secure APIs to drive digital transformation

Rogue Wave Software

API management plays an important role in many large enterprises as it sets up the foundation for accelerating the integration of applications, databases, and key processes to derive business value from your APIs. How do you know if your organization is getting the most value out of your API management platform? Ian Goldsmith from Rogue Wave for an in-depth discussion of the importance of an enterprise-class API architecture and key considerations to ensure you are getting the most from your API management platform. As well as a case study that demonstrates how one organization uses the Akana API Platform to create a secure, integrated system to mitigate the risks of business on a public cloud network.

Getting the most from your API management platform: A case study

Rogue Wave Software

Presented at Supercomputing 18. Debugging and analyzing today's HPC applications requires a tool with capabilities and features to support the demands of today’s complex HPC applications. Debugging tools must be able to handle the extensive use of C++ templates and the STL, use of many shared libraries, optimized code, code leveraging GPU accelerators and applications constructed with multiple languages. This presentation walks through the different advanced technologies provided by the debugger, TotalView for HPC, and shows how they can be used to easily understand complex code and quickly solve difficult problems. Showcasing TotalView’s new user interface, you will learn how to leverage the amazing technology of reverse debugging to replay how your program ran. You will also see how TotalView provides a unified view across applications that utilize Python and C++, debug CUDA applications, find memory leaks in your HPC codes and other powerful techniques for improving the quality of your code.

Advanced technologies and techniques for debugging HPC applications

Rogue Wave Software

This is a classic example of older technology not being used to its fullest, which Justin proves by walking through little-known configuration and optimization tricks that get data flowing reliably and efficiently – even for today’s complexity and scale. This session covers: A – Camel basics, understanding Exchanges, Routes, and how to implement EIPs with them B – Examples of real implementations of common EIPs like Content Based Routers and Recipient Lists C – Integration of Camel with common endpoints, like JMS, FTP, and HTTP

The forgotten route: Making Apache Camel work for you

Rogue Wave Software

Are open source and embedded software development on a collision course?

Rogue Wave Software

Microservices and APIs might sound like fairy dust you sprinkle on applications to make them “agile,” judging by today’s industry talk. The reality is that they work as the critical foundations for digital transformation only when done right. The goal isn’t simply to build agile apps, it’s for businesses to gain agility and thrive against the onslaught of digital disruption – and this requires going deeper. Organizations must ensure microservices and APIs add value, and also understand how to put the two together. Walk away with a better understanding of microservices and APIs and be better prepared to drive the right solutions for your organization. Watch on-demand webinar at www.roguewave.com

Three big mistakes with APIs and microservices

Rogue Wave Software

Whether starting from greenfield or modernizing existing infrastructure, how do you remove the guesswork in deploying and maintaining cloud-based, business-critical workloads? From architectural decisions to fine-tuning scale and performance, our open source architects explain how top enterprises build and maintain their open source stacks, focusing on operational agility and cost-effectiveness. You will walk away with real use case examples and five ways to better plan and deliver your next cloud strategy.

5 strategies for enterprise cloud infrastructure success

Rogue Wave Software

With the release of Java 10, the impact of Java 9, and the spread of multiple emerging technologies, the biggest questions for high-performing development teams is: How do we keep up and take advantage of the features relevant to us? Java experts, Toomas Romer and Rod Cope, discuss recent changes to the language and how they impact tools, development velocity, and the ability to innovate; along with industry insights to better plan for more complex systems, the inevitable modernization, and adapting to scale.

Java 10 and beyond: Keeping up with the language and planning for the future

Rogue Wave Software

On the path to innovation, development teams fear nothing but try to avoid three things: Re-work, lawyers, and, missing deadlines. In this talk, Rod Cope will discuss what to do when software is not license compliant, to help avoid lawyers getting involved, disrupting schedules and potential architectural or code changes. The initial step in helping make sure teams are in compliance with open source licenses is education. The goal is to provide concrete steps towards development teams adopting a vested interest in paying attention to what open source they download and how it's used.

How to keep developers happy and lawyers calm (Presented at ESC Boston)

Rogue Wave Software

This isn’t your typical case study, this is the reality of open source: One hundred percent of organizations use varying degrees of OSS, yet we still focus on one particular package or layer when it comes to sharing best practices. The reality is, when we get stuck, it’s the configuration and operational interrelationships between packages that matter. This session takes open source support data across multiple organizations to examine three different scenarios that represent the most common issues we see today (in fact, 80% of the cases we see are due to configuration and package interrelationship issues). Justin Reock covers e-commerce, mobile PaaS, and high performance computing examples to illustrate top problems and solutions for stack selection, infrastructure implementation, and production troubleshooting.

Open source applied - Real world use cases (Presented at Open Source 101)

Rogue Wave Software

For users of SourcePro and Tools.h++, the future of Solaris is uncertain, as seen by the recent reductions of the Oracle Solaris team and an increase in inquiries we're receiving on how to migrate applications from Solaris to Linux. Prepare for your future by joining this webinar on how to best plan and execute a successful migration for your SourcePro or Tools.h++ components. Our technical experts walk through: - Options to migrate code that contains Tools 7 or Tools.h++ libraries - Tips and tricks to migrate code to Linux - How to determine whether you can do it yourself - What to tell your service provider Whether you plan to do it yourself or enlist Rogue Wave professional services, at the end of this webinar you will understand the best path for migration.

How to migrate SourcePro apps from Solaris to Linux

Rogue Wave Software

The HPC community is embracing the advantages of mixed-language development environments, presenting challenges for debugging and testing when application execution and data flow cross languages. How can we take advantage of the unique features offered by different languages while minimizing the impact on bug reproduction, root-cause analysis, and solution? This presentation walks through the current mixed-language HPC landscape to describe the problems with testing these types of applications and best-practice solutions using TotalView for HPC. You will learn how these architectures make it easy to “steer” computation between modules of different languages, to accelerate prototyping and development, and how advanced testing techniques provide visibility into the call stack and data for efficient debugging.

Approaches to debugging mixed-language HPC apps

Rogue Wave Software

Red Hat Enterprise Linux (RHEL) is the dominant distribution used by commercial organizations today. But did you know that there's a functionally-compatible alternative that offers options when it comes to licensing, support, and cost effectiveness? Whether you're thinking about moving away from RHEL or have already made the decision, this webinar gives you the background, proof points, and data to justify why moving to CentOS makes sense. At the end of this presentation, you will have all the data you need to consider for an enterprise Linux migration activity and reasons why CentOS is a viable, cost-effective solution.

Enterprise Linux: Justify your migration from Red Hat to CentOS

Rogue Wave Software

Dive deep into an actual enterprise Linux migration by walking through the planning and execution of the process as seen by our customers. Our enterprise architects will break down the key migration steps to explain the available options, decisions made, and demonstrate actions on a live system. This episode gives you a representative migration experience before you actually migrate, illustrating: Side-by-side comparisons between Red Hat Enterprise Linux and CentOS; steps to consider for the operating system; and steps to consider for common application stacks and packages.

Walk through an enterprise Linux migration

Rogue Wave Software

How to keep developers happy and lawyers calm

Rogue Wave Software

With open source software being used these days in enterprises both large and small, the path to faster code is clear. But you need to weight the open source adoption against the risks. In embedded software, risk can equate to late releases, over-budget projects, and in some cases, casualties to life and limb. It’s a classic risk versus reward scenario. Are you confident your embedded developers know how to estimate the risks? In this presentation, Rod Cope discusses the most effective uses of open source software; how to avoid license risk; and reduce critical safety and security issues. Those involved in developing embedded software will have the right understanding, can ask the right questions, and leverage OSS to gain the most while risking the least.

Open source and embedded software development

Rogue Wave Software

Open source software drives efficiency and innovation, but affects your application stacks and introduces new challenges to keeping them highly available and performing. Find out about the hottest open source options and how they can help your organization achieve better uptime and performance levels. We also explore the tradeoffs of using open source software, how to evaluate and assess the available types, and the potential effects on your applications and infrastructure.

Open source software: The infrastructure impact

Rogue Wave Software

Migrating mission-critical enterprise systems requires careful planning, preparation, and execution—plus a healthy dose of experience. It's one thing to migrate the operating system, it's another to port the application stack, with all its commercial and open source packages, configurations, and connections to the outside environment. This episode guides your Linux migration strategy using Red Hat Enterprise Linux and CentOS.

Plan a successful enterprise Linux migration

Rogue Wave Software

Mehr von Rogue Wave Software (20)

The Global Influence of Open Banking, API Security, and an Open Data Perspective

No liftoff, touchdown, or heartbeat shall miss because of a software failure

Disrupt or be disrupted – Using secure APIs to drive digital transformation

Getting the most from your API management platform: A case study

Advanced technologies and techniques for debugging HPC applications

The forgotten route: Making Apache Camel work for you

Are open source and embedded software development on a collision course?

Three big mistakes with APIs and microservices

5 strategies for enterprise cloud infrastructure success

Java 10 and beyond: Keeping up with the language and planning for the future

How to keep developers happy and lawyers calm (Presented at ESC Boston)

Open source applied - Real world use cases (Presented at Open Source 101)

How to migrate SourcePro apps from Solaris to Linux

Approaches to debugging mixed-language HPC apps

Enterprise Linux: Justify your migration from Red Hat to CentOS

Walk through an enterprise Linux migration

How to keep developers happy and lawyers calm

Open source and embedded software development

Open source software: The infrastructure impact

Plan a successful enterprise Linux migration

Kürzlich hochgeladen

VTU technical seminar 8Th Sem on Scikit-learn

AmarnathKambale

Investing in AI transformation today The modern business advantage: Uncovering deep insights with AI Organizations around the world have come to recognize AI as the transformative technology that enables them to gain real business advantage. AI’s ability to organize vast quantities of data allows those who implement it to uncover deep business insights, augment human expertise, drive operational efficiency, transform their products, and better serve their customers

Microsoft AI Transformation Partner Playbook.pdf

Willy Marroquin (WillyDevNET)

Conference: Engage2024 in Antwerp Type: Workshop Speakers: Florian Vogler, Henning Kunz, Christoph Adler Title: Navigating the Future with The Hitchhiker's Guide to Notes and Domino 14 Abstract: Embark on an exhilarating journey with industry trailblazers Florian Vogler, Henning Kunz, and Christoph Adler in this not-to-be-missed workshop at the forefront of the tech universe. Get ready for a thrilling kick-off as we navigate the current state of the HCL universe, setting the stage for an exploration of the groundbreaking Notes and Domino 14. Discover the latest enhancements and revolutionary features that will redefine your experience. In this interactive session, unlock a treasure trove of tips and tricks to elevate your utilization of version 14, both with and without the game-changing panagenda MarvelClient. Brace yourself for also diving into Nomad, Nomad Web, and VoltMX, expanding your horizons in the expansive HCL landscape. Be a part of this exclusive opportunity to stay ahead in the ever-evolving world of HCL technologies. Your journey to mastering Notes and Domino 14 begins here. And remember, in the spirit of intergalactic exploration, don't forget to bring your towel!

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...

panagenda

introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf

VishalKumarJha10

SHRMPro HRMS Software Solutions Presentation

Shrmpro

Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts In Chinsurah ❤Personal Whatsapp Number Chinsurah Call Girls 8617697112 💦✅. Chinsurah escorts we are avaliable for our all types budget customers with offer great deals in Chinsurah.Call Now our Chinsurah escort service & call girls ... Independent call girls in Chinsurah escorts available 24 hours a day for discreet incall and outcall bookings from trusted call girls - Elis.in. Nitya salvi Chinsurah escorts service agency # Are you looking for sexy call girls ? Call our agency to get you dream independent call girl, ... One shot: ₹2000/in-call, ₹5000/out-call Two shots with one girl: ₹3500/in-call, ₹6000/out-call Body to body massage with sex: ₹3000/in-call Full night for one person: ₹7000/in-call, ₹10000/out-call Flexibility Choices and options Lists of many beauty fantasies Turn your dream into reality Perfect companionship Cheap and convenient In-call and Out-call services And many more. WhatsApp Chat: 📞 8617697112 Visit The Website : https://www.nityasalvi.com/

Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...

Nitya salvi

%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview

masabamasaba

Software Quality Assurance Interview Questions

Arshad QA

Abortion Clinic And Abortion Pills For Sale in Oman MEDICAL ABORTION PILLS FOR SALE in Fujairah , Ajman, Al Ain Quality Abortion services provided by specialists. Women's health problems. A same day service, safe, legal & pain free Abortions. From 1 week to 5 months. We use tested and approved pills. It's 100% guaranteed & safe. No side effects at all. We also do free womb cleaning and free pills delivery. We sell pregnancy termination pills {ABORTION PILLS} Our service is ever private with all our clients. Call/WhatsApp:

%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...

masabamasaba

Model Call Girl Services in Delhi reach out to us at 🔝 9953056974 🔝✔️✔️ Our agency presents a selection of young, charming call girls available for bookings at Oyo Hotels. Experience high-class escort services at pocket-friendly rates, with our female escorts exuding both beauty and a delightful personality, ready to meet your desires. Whether it's Housewives, College girls, Russian girls, Muslim girls, or any other preference, we offer a diverse range of options to cater to your tastes. We provide both in-call and out-call services for your convenience. Our in-call location in Delhi ensures cleanliness, hygiene, and 100% safety, while our out-call services offer doorstep delivery for added ease. We value your time and money, hence we kindly request pic collectors, time-passers, and bargain hunters to refrain from contacting us. Our services feature various packages at competitive rates: One shot: ₹2000/in-call, ₹5000/out-call Two shots with one girl: ₹3500/in-call, ₹6000/out-call Body to body massage with sex: ₹3000/in-call Full night for one person: ₹7000/in-call, ₹10000/out-call Full night for more than 1 person: Contact us at 🔝 9953056974 🔝. for details Operating 24/7, we serve various locations in Delhi, including Green Park, Lajpat Nagar, Saket, and Hauz Khas near metro stations. For premium call girl services in Delhi 🔝 9953056974 🔝. Thank you for considering us!

CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE

9953056974 Low Rate Call Girls In Saket, Delhi NCR

InShot proinshot.com stands tall among its peers as the ultimate video editing app, offering simplicity, versatility, and power in one package. With its intuitive interface and comprehensive feature set, InShot caters to both beginners and seasoned editors alike. Whether you're creating content for social media, YouTube, or personal projects, InShot empowers you to unleash your creativity and transform your videos into captivating masterpieces. Join the millions of users who trust InShot https://www.proinshot.com/ for all their video editing needs and discover the difference for yourself!

Exploring the Best Video Editing App.pdf

proinshot.com

%in Durban+277-882-255-28 abortion pills for sale in Durban

masabamasaba

Foundation models are machine learning models which are easily capable of performing variable tasks on large and huge datasets. FMs have managed to get a lot of attention due to this feature of handling large datasets. It can do text generation, video editing to protein folding and robotics. In case we believe that FMs can help the hospitals and patients in any way, we need to perform some important evaluations, tests to test these assumptions. In this review, we take a walk through Fms and their evaluation regimes assumed clinical value. To clarify on this topic, we reviewed no less than 80 clinical FMs built from the EMR data. We added all the models trained on structured and unstructured data. We are referring to this combination of structured and unstructured EMR data or clinical data.

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...

harshavardhanraghave

(Vivek)Call Us, 8448380779,Call girls in Delhi NCr – We Offer best in class call girls. escort Service At Affordable Price At low Rate with Space Night 8000 We Are One Of The Oldest Escort and Call girls Agencies in Delhi. You Will Find That Our Female Escorts Are Full Of Fun, Sexy And They Would Love Enjoy Your Company. We Have A Fantastic Selection Of Escort Ladies Available For In-Calls As Well As Out-Calls. Our Escorts Are Not Only Beautiful But All Have Great Personalities Making Them The Perfect Companion For Any Occasion. In-Call:- You Can Come At Our Place in Delhi Our place Which Is Very Clean Hygienic 100% safe Accommodation. Out-Call:- You have To Come Pick The Girl From My Place We Are Also Provide Door Step Services (Delhi Ncr, Noida, Gurgaon, Faridabad, Ghaziabad Note:- Pic Collectors Time Passers Bargainers Stay Away As We Respect The Value For Your Money Time And Expect The Same From You Hygienic:- Full Ac room And Clean Rooms Available In Hotel 24 * 7 Hourly In Delhi NCR More Details, With WhatsApp Number, +91-8448380779

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Delhi Call girls

Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...

SelfMade bd

Define the academic and professional writing..pdf

PearlKirahMaeRagusta1

%in Midrand+277-882-255-28 abortion pills for sale in midrand

masabamasaba

10 Trends Likely to Shape Enterprise Technology in 2024

Mind IT Systems

Craft an AI & Machine Learning Pitch with our Editable Professional PowerPoint Template. Ignite your AI & Machine Learning pitch with our cutting-edge PowerPoint template tailored for the industry. Perfect for AI conferences, investor presentations, sales pitches to tech-focused companies, training sessions, and educational programs. - 20+ editable slides: Get a variety of options to choose from for your presentation. - Time-saving solution: Download, replace text/images with a few clicks. - User-friendly customization: Easy to use and personalize. - Modern and attractive design: Captivating visuals, sleek layout. - Tailored to your requirements: Fully alterable for customization. - Well-organized slides: Complete control over content. - Thematic specificity: Reflects healthcare industry with relevant graphics. - Showcase your business idea: Communicate value proposition effectively.

AI & Machine Learning Presentation Template

Presentation.STUDIO

Data spaces in distributed environments should be allowed to evolve in agile ways providing data space owners with large flexibility about which data they store. Agility and heterogeneity, however, jeopardize data exchanges because representations may build on varying ontologies and data consumers may not rely on the semantic correctness of their queries in the context of semantically heterogeneous, evolving data spaces. Graph data spaces are one example of a powerful model for representing and querying data whose semantics may change over time. To assert and enforce conditions on individual graph data spaces, shape languages (e.g SHACL) have been developed. We investigate the question of how querying and programming can be guarded by reasoning over SHACL constraints in a distributed setting and we sketch a picture of how a future landscape based on semantically heterogeneous data spaces might look like.

Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...

Steffen Staab

Kürzlich hochgeladen (20)

VTU technical seminar 8Th Sem on Scikit-learn

Microsoft AI Transformation Partner Playbook.pdf

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...

introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf

SHRMPro HRMS Software Solutions Presentation

Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...

%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview

Software Quality Assurance Interview Questions

%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...

CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE

Exploring the Best Video Editing App.pdf

%in Durban+277-882-255-28 abortion pills for sale in Durban

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...

Define the academic and professional writing..pdf

%in Midrand+277-882-255-28 abortion pills for sale in midrand

10 Trends Likely to Shape Enterprise Technology in 2024

AI & Machine Learning Presentation Template

Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...

Leveraging open banking specifications for rigorous API security – What’s in it for you?

3. 3© 2018 Rogue Wave Software, Inc. All Rights Reserved. Ada Lovelace “The Analytical Engine has no pretensions whatever to originate anything. It can do whatever we know how to order it to perform.” Richard Taylor's Scientific Memoirs, 1843

8. 8© 2018 Rogue Wave Software, Inc. All Rights Reserved. Open Banking / PSD2 specs • Sensitive data • Regulation • Careful, diligent work with many stakeholders • Applied to production systems Why these?

11. 11© 2018 Rogue Wave Software, Inc. All Rights Reserved. Summary comparison Client authentication and authorization OAuth2.0 (OpenID Connect) OAuth2.0 (Optional) OAuth2.0 (OpenID Connect) Content security JSON Web Tokens (JWS) “Signed HTTP Messages” “Signed HTTP Messages” Transport layer Mutual TLS Mutual TLS (using eIDAS certificates) Mutual TLS (using eIDAS certificates) Open Banking Berlin Group STET

12. 12© 2018 Rogue Wave Software, Inc. All Rights Reserved. In summary… Ensure that each request is coming from a trusted source MTLS Ensures client authenticity OAuth Ensures client authorization JWT Ensures message integrity, confidentiality, and non- repudiation

14. 14© 2018 Rogue Wave Software, Inc. All Rights Reserved. Additional things to consider • MFA (SCA) User authentication: can we trust the user to be who s(he) is? • Injection • Cross-site scripting • Request overload • … Can we trust the user’s intentions?

15. 15© 2018 Rogue Wave Software, Inc. All Rights Reserved. Conclusion API security: There’s quite a lot to it …but there’s useful specifications to help you out. Implementing security standards is far from trivial …don’t do it yourself …excellent tools in the market to help you

Hinweis der Redaktion

The ‘inevitable conflict’ between opening shop and only allowing entrance to trusted customers. Image creator: Lukiyanova Natalia NOTE: applying API security may well be expected to become mandatory, as we see it with open banking. But it is also highly relevant from other regulatory perspectives, like GDPR.
The ‘inevitable conflict’ between opening shop and only allowing entrance to trusted customers. All kinds of ‘standards’ to protect resources. In tech terms, there are standards like the the specs for OAuth2.0, OpenID Connect, mTLS, JWT, etc. Security door guard Camera protected entrance Full-height turnstile Note: what’s clear is that NOT any means is applicable to the job.
All kinds of ‘standards’ to protect resources. In tech terms, there are standards like the the specs for OAuth2.0, OpenID Connect, mTLS, JWT, etc. Various standards that have emerged, that help with addressing API security concerns.
NOTE: applying API security may well be expected to become mandatory, as we see it with open banking. It is also highly relevant from other regulatory perspectives, like GDPR.
OAuth2.0 icon: jlabusch.github.io/oauth2-server
…

Leveraging open banking specifications for rigorous API security – What’s in it for you?

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie Leveraging open banking specifications for rigorous API security – What’s in it for you?

Ähnlich wie Leveraging open banking specifications for rigorous API security – What’s in it for you? (20)

Mehr von Rogue Wave Software

Mehr von Rogue Wave Software (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Leveraging open banking specifications for rigorous API security – What’s in it for you?

Hinweis der Redaktion