A Checklist for API Security with Wim Remes

December 31, 2019 Dormain Drewitz

As a security expert and consultant, Wim Remes (@WimRemes) was fed up with clients using security products that themselves lacked API security. But he knew that it was a multi-faceted problem that couldn't be addressed in one place. So he developed a maturity model for security APIs that could serve as a checklist for clients evaluating products, procurement teams involved in purchasing security products, and security vendors building the products. As it turns out, it's a pretty good checklist for any developer building APIs.

Wim sat down with Dormain Drewitz (@DormainDrewitz) and Brian McClain (@BrianMMcClain) to talk through the model, which includes factors for documentation, authentication, and design and implementation. Wim described what a "zero" or "one" versus a "five" looked like for some of these factors. How do your APIs measure up?

API security maturity model


About the Author

Dormain Drewitz

Dormain leads Product Marketing and Content Strategy for VMware Tanzu. Before VMware she was Senior Director of Pivotal Platform Ecosystem, including RabbitMQ, and Customer Marketing. Previously, she was Director of Product Marketing for Mobile and Pivotal Data Suite. Prior to Pivotal, she was Director of Platform Marketing at Riverbed Technology. Prior to Riverbed, she spent over 5 years as a technology investment analyst, closely following enterprise infrastructure software companies and industry trends. Dormain holds a B.A. in History from the University of California at Los Angeles.
