Tech Zone 360

The Difference Between Authentication and Authorization for API Security

Application Programming Interfaces (APIs) are the backbone of many services and applications, enabling different software to interact with each other seamlessly. However, with this increased ...
InfoWorld

Build an authentication handler for a minimal API in ASP.NET Core

ASP.NET Core offers a simplified hosting model, called minimal APIs, that allows us to build lightweight APIs with minimal dependencies. However, “minimal” doesn’t mean minimal security. Minimal APIs ...
InfoWorld

Implement authorization for Swagger in ASP.NET Core

When building your .NET applications, you will often need to generate API documentation. To do this, you might use Swagger, a toolkit that makes it simple to provide a graphical representation of your ...
Threat Post

Predicting the Next OWASP API Security Top 10

API security risk has dramatically evolved in the last two years. Jason Kent, Hacker-in-Residence at Cequence Security, discusses the top API security concerns today and how to address them. As a long ...
CSOonline

Enhancing API security: dynamic authorization to protect sensitive data

API Gateways effectively manage the authentication of the user and provide service orchestration capabilities, but if sensitive data is involved, additional fine-grained authorization capabilities are ...
CSOonline

Why you need both authorization and authentication

In previous posts I have discussed in depth the importance of authorization, specifically dynamic authorization, to control access to critical information assets. However, authorization is only a ...
WeLiveSecurity

After authentication comes authorization and access control

In our first post in this series, we talked about authentication: verifying whether someone is who he or she claims to be. In many instances, this is where system administrators call it a day, by ...