Issue 67: RFC for OAuth 2.0 Token Exchange, JWT Webinar


This week, the OAuth 2.0 Token Exchange got its RFC, and there is an upcoming webinar on JWT. In addition, we take a look at where to start with securing your APIs, and at how 2020 seems to be shaping up, according to analysts.

Standard: OAuth 2.0 Token Exchange

IETF has published the RFC 8693 for OAuth 2.0 Token Exchange.

This proposed standard documents a pattern that is already widely deployed in production. Household names such as Microsoft, RedHat, and Salesforce have already adopted this approach, to name but a few.

Webinar: Are You Properly Using JWTs?

Join the webinar by Philippe Leothaud on JWT security best practices next Thursday, January 30, 2020, at 11:00 AM PST. This webinar will cover, for example:

  • Typical scenarios where using JWT is a good idea
  • Typical scenarios where using JWT is a bad idea!
  • The principles of zero trust architecture and why you should always validate everything
  • Best practices to thoroughly validate JWTs and the potential vulnerabilities if you do not do so
  • Use cases for when encryption might be required for JWT

Click here to register and secure your place in the webinar. First come, first served!

API security: 4 tips to keep your APIs safe

Jonathan Greig from TechRepublic has written a quick practical post on the first steps to keeping your APIs safe when they are increasingly the focus of attackers.

His four top tips for getting started with API Security:

  1. Authentication
  2. Authorization
  3. Security team setup
  4. Third-party use

Worth a read for anyone starting to look at API security.

Analysts: Aite on 2020 cyberthreats

Aite Group has published a report on the trends in cyber security in 2020. Their Top 10 list includes changes not only in technological solutions but also in the business landscape and the job market:

  1. The rise of ransomware
  2. Difficulties in filling cyber security positions
  3. API security solutions
  4. Cloud misconfigurations leaking data
  5. SIEM and SOAR
  6. Increased data privacy and compliance requirements
  7. BAS solutions
  8. Microsoft aggressive in the security market
  9. Security analytics platforms replacing SIEM
  10. Flat networks

Recommended reading for anyone who wants to stay on top of the trends shaping the field.
