TNS
SUBSCRIBE
Join our community of software engineering leaders and aspirational developers. Always stay in-the-know by getting the most important news and exclusive content delivered fresh to your inbox to learn more about at-scale software development.
REQUIRED
 
It seems that you've previously unsubscribed from our newsletter in the past. Click the button below to open the re-subscribe form in a new tab. When you're done, simply close that tab and continue with this form to complete your subscription.
Welcome and thank you for joining The New Stack community!
Please answer a few simple questions to help us deliver the news and resources you are interested in.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Great to meet you!
Tell us a bit about your job so we can cover the topics you find most relevant.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
 
Welcome!

We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.

What’s next?

Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.

Become a TNS follower on LinkedIn.

Check out the latest featured and trending stories while you wait for your first TNS newsletter.

PREV
of
NEXT
VOXPOP
As a JavaScript developer, what non-React tools do you use most often?
Angular
0%
Astro
0%
Svelte
0%
Vue.js
0%
Other
0%
I only use React
0%
I don't use JavaScript
0%
 
Open Source Cloud Native Ecosystem Containers Edge Computing Microservices Networking Serverless Storage
Celebrating a Year of Commitment to CNCF Flux: Sustainability, Innovation, and Growth
Feb 4th 2025 11:00am, by Francesco Beltramini
Percona Backs Valkey With Enterprise-Grade Support
Feb 4th 2025 8:00am, by Joab Jackson
AI Is Spamming Open Source Repos With Fake Issues
Feb 3rd 2025 11:01am, by Loraine Lawson
US Blocks Open Source 'Help' From These Countries
Jan 30th 2025 11:00am, by Steven J. Vaughan-Nichols
12 Critical Open Source Projects Losing Security Support in 2025
Jan 30th 2025 9:30am, by Greg Allen
Celebrating a Year of Commitment to CNCF Flux: Sustainability, Innovation, and Growth
Feb 4th 2025 11:00am, by Francesco Beltramini
We Need to Cut Down on Cloud Waste in 2025
Jan 23rd 2025 9:30am, by Devnag Padavala
Cloud Native Computing Now Has Its Own File System: CubeFS
Jan 22nd 2025 6:30am, by Joab Jackson
How To Build Cost-Efficient Cloud Architectures for GenAI Workloads
Jan 21st 2025 10:30am, by Vijay Verma
Build an Open Source Kubernetes GitOps Platform, Part 2
Jan 21st 2025 9:30am, by John Dietz
Introduction to Containers
Jan 31st 2025 9:00am, by TNS Staff
Docker Basics: How to Use Dockerfiles
Jan 30th 2025 11:20am, by Jack Wallen
Netkit to Network a Million Containers for ByteDance
Jan 29th 2025 6:00am, by Joab Jackson
Docker Replacement Flox Has Libraries for Kubernetes
Jan 17th 2025 11:00am, by B. Cameron Gain
WebAssembly and Containers' Love Affair on Kubernetes
Jan 10th 2025 8:39am, by B. Cameron Gain
Vercel Rolls Out More Cost-Effective Infrastructure Model
Feb 5th 2025 1:00pm, by Loraine Lawson
Why Red Hat Had To Improve the Edge Developer Experience
Nov 25th 2024 8:08am, by B. Cameron Gain
KubeEdge Extends Cloud Native Beyond the Data Center
Oct 15th 2024 9:00am, by Joab Jackson
Integration of AI With IoT Brings Agents to Physical World
Oct 8th 2024 7:46am, by Janakiram MSV
From VMs to AI: How Edge Computing Is Evolving
Sep 13th 2024 3:54am, by Ben Cohen
Introduction to Containers
Jan 31st 2025 9:00am, by TNS Staff
Microservices Testing Cycles Are Too Slow
Dec 18th 2024 7:00am, by Arjun Iyer
Why Your Microservice Integration Tests Miss Real Problems
Dec 4th 2024 6:00am, by Arjun Iyer
Improve Microservices With These New Load Balancing Strategies
Nov 8th 2024 3:00am, by Dhruv Kumar Seth
How To Fail at Microservices
Nov 1st 2024 3:00am, by Ashley Davis
Netkit to Network a Million Containers for ByteDance
Jan 29th 2025 6:00am, by Joab Jackson
NVMe-oF Substantially Reduces Data Access Latency
Jan 27th 2025 7:46am, by Carol Platz
Cloud Monitoring’s Blind Spot: The User Perspective
Jan 15th 2025 8:30am, by Brandon DeLap
OpenVPN or WireGuard? A Detailed Performance Breakdown
Nov 28th 2024 6:00am, by Edward Viaene
Deciphering the Open Systems Interconnection Model
Nov 25th 2024 7:25am, by Laura Santamaria
Serverless for AI Devs: Modal's Python and Rust Based Platform
Jan 22nd 2025 2:30pm, by Richard MacManus
2025 Trending Cloud Services: Industry-Specific and Serverless
Jan 4th 2025 3:47am, by Chris J. Preimesberger
Use These Two Approaches To Deploy ML Models on AWS Lambda
Dec 18th 2024 11:04am, by Gaurav Mittal
Pinecone Revamps Retrieval Capabilities for Its Vector Database Platform
Dec 2nd 2024 7:00pm, by Jelani Harper
Running AI Models Without GPUs on Serverless Platforms
Nov 25th 2024 1:37pm, by Rak Siva
Why JioCinema Skipped Redis for Recommendation Bloom Filters
Feb 5th 2025 7:00am, by Cynthia Dunlop
Observability Isn't Enough. It's Time To Federate Log Data
Feb 4th 2025 9:00am, by Franz Knupfer
The Case for Telemetry Pipelines
Jan 31st 2025 8:01am, by Paige Cruz
Why Teams Are Ditching DynamoDB
Jan 28th 2025 7:00am, by Felipe Cardeneti Mendes and Guilherme Nogueira
NVMe-oF Substantially Reduces Data Access Latency
Jan 27th 2025 7:46am, by Carol Platz
AI Large Language Models Frontend Development Software Development API Management Python JavaScript TypeScript WebAssembly Cloud Services Data Security
Top Strategies for Building Scalable and Secure AI Applications
Feb 5th 2025 12:00pm, by
New Tool Generates Angular Components From Design
Feb 5th 2025 6:00am, by
AI Is Spamming Open Source Repos With Fake Issues
Feb 3rd 2025 11:01am, by
Developer’s Introduction to the Replicate AI Playground
Feb 1st 2025 6:00am, by
The State of API Management in an Age of AI Insecurity
Jan 31st 2025 7:00am, by
How To Use Ollama: Set Up and Run a Local LLM With Llama 3
Jan 29th 2025 8:15am, by
Simplify AI Development with Machine Learning Containers
Jan 28th 2025 7:46am, by
AI Alignment in Practice: What It Means and How to Get It
Jan 28th 2025 5:02am, by and
How Developers Can Take Advantage of Perplexity’s Sonar LLMs
Jan 27th 2025 6:52am, by
Real-Time AI Apps: Using Apache Flink for Model Inference
Jan 22nd 2025 9:30am, by
Vercel Rolls Out More Cost-Effective Infrastructure Model
Feb 5th 2025 1:00pm, by
Slow Is Officially the New Down. So Now What?
Feb 5th 2025 9:01am, by
New Tool Generates Angular Components From Design
Feb 5th 2025 6:00am, by
Astro 5.2 Brings Tailwind 4 Support and New Features
Feb 1st 2025 8:00am, by
How a New Breed of Sync Engines Solves Frontend Problems
Jan 30th 2025 10:30am, by
How to Run an Effective Sprint Review
Feb 5th 2025 10:00am, by
How Brands Can Use AI in 2025 To Close the CX Expectation Gap
Feb 4th 2025 10:00am, by
AI Is Spamming Open Source Repos With Fake Issues
Feb 3rd 2025 11:01am, by
Introduction to Software Testing
Feb 2nd 2025 6:00am, by
The Hidden Costs of Multiple Service Catalogs in Development
Jan 31st 2025 12:00pm, by
The State of API Management in an Age of AI Insecurity
Jan 31st 2025 7:00am, by
Why Your API Strategy Needs a Rethink
Jan 16th 2025 12:00pm, by
How To Prepare API Products for Low-Code and No-Code Integrations
Jan 15th 2025 11:30am, by
APIs Are Quickly Becoming the Latest Security Battleground (And Nightmare)
Jan 14th 2025 12:00pm, by
It's Time To Start Preparing APIs for the AI Agent Era
Jan 8th 2025 1:00pm, by
Building Autonomous Systems in Python with Agentic Workflows
Jan 29th 2025 7:00am, by
Serverless for AI Devs: Modal's Python and Rust Based Platform
Jan 22nd 2025 2:30pm, by
Why Every Python Dev Needs Virtual Environments Now
Jan 9th 2025 7:30am, by
Configure Email Notifications With Amazon SES, Lambda and DynamoDB
Jan 9th 2025 6:38am, by
A Developer's Guide to the AutoGen AI Agent Framework
Jan 7th 2025 5:05am, by
Mastering JavaScript Proxies and Reflect for Real-World Use
Feb 5th 2025 8:00am, by
New Tool Generates Angular Components From Design
Feb 5th 2025 6:00am, by
Astro 5.2 Brings Tailwind 4 Support and New Features
Feb 1st 2025 8:00am, by
Tailwind CSS Gets a ‘Ground-Up Rewrite’ for Version 4.0
Jan 25th 2025 6:00am, by and
What's in the New Node.js, and How Do You Install It?
Jan 23rd 2025 7:23am, by
Oracle Won’t Release ‘JavaScript’ Without a Fight
Jan 11th 2025 5:00am, by
The Year in JavaScript: Top JS News Stories of 2024
Dec 27th 2024 6:30am, by
How OOP Developers Can Get To Know TypeScript Through Deno
Oct 19th 2024 8:00am, by
Configure Microservices in NestJS: A Beginner’s Guide
Oct 11th 2024 12:00pm, by
Why ChatGPT Shifted From Next.js To Remix: Some Theories
Sep 14th 2024 8:05am, by
WebAssembly Gets Polyglot Development Boost in Spin 3.0
Jan 28th 2025 4:45am, by
Wasm Spin and SpinKube's Rocky Road to CNCF Sandbox Status
Jan 27th 2025 5:32am, by
Microsoft's Hyperlight WebAssembly for VMs Is Open Source
Jan 18th 2025 8:00am, by
The Rise of Rust and WebAssembly in Web Development
Jan 16th 2025 9:00am, by
Want a Web Framework for Rust, Not JavaScript? Try Leptos
Jan 13th 2025 7:21am, by
A Developer's Guide to Azure AI Agents
Feb 4th 2025 12:00pm, by
How Brands Can Use AI in 2025 To Close the CX Expectation Gap
Feb 4th 2025 10:00am, by
How Amazon EKS Auto Mode Simplifies Kubernetes Cluster Management (Part 1)
Jan 31st 2025 7:00am, by
Infrastructure as Code: From Imperative to Declarative and Back Again
Jan 30th 2025 12:00pm, by
Cloud vs. On-Prem: Which Is Better for Your Kubernetes Cluster?
Jan 30th 2025 11:30am, by
Observability Isn't Enough. It's Time To Federate Log Data
Feb 4th 2025 9:00am, by
Introduction to Databases
Feb 4th 2025 7:00am, by
Introduction to Data Streaming
Feb 3rd 2025 9:39am, by
What Leonardo DaVinci Teaches About Data Management
Jan 29th 2025 8:00am, by
ICYMI: DeepSeek Is an Open Source Success Story
Jan 28th 2025 12:52pm, by
Top Strategies for Building Scalable and Secure AI Applications
Feb 5th 2025 12:00pm, by
Here’s How Standardization Can Fix the Identity Security Problem
Feb 5th 2025 11:00am, by
Linux Security: Scan Your Servers for Rootkits With Ease
Feb 2nd 2025 8:00am, by
The State of API Management in an Age of AI Insecurity
Jan 31st 2025 7:00am, by
US Blocks Open Source 'Help' From These Countries
Jan 30th 2025 11:00am, by
Platform Engineering Operations CI/CD Tech Careers Tech Culture DevOps Kubernetes Observability Service Mesh
Developers Unhappy With Tool Sprawl, Lagging Data, Long Waits
Feb 5th 2025 3:00pm, by Jennifer Riggins
3 Key Benefits of Platform Engineering
Feb 3rd 2025 6:57am, by Rajiv Thakkar
The Hidden Costs of Multiple Service Catalogs in Development
Jan 31st 2025 12:00pm, by Sam Nixon
How To Build an AI-Powered Tech Platform, Avoiding Common Failure Points
Jan 31st 2025 10:00am, by Pete Horst
Return to PaaS: Building the Platform of Our Dreams
Jan 23rd 2025 8:30am, by Doug Sillars
The Engineer's Guide to Controlling Configuration Drift 
Feb 3rd 2025 8:00am, by Saqib Jan
3 Key Benefits of Platform Engineering
Feb 3rd 2025 6:57am, by Rajiv Thakkar
System Operators to Timekeepers: What Will Replace Leap Seconds?
Feb 2nd 2025 7:00am, by David Cassel
Shifting Left: How SREs and Developers Can Finally Work in Sync
Jan 31st 2025 11:30am, by Matar Peles
OTel, Elastic Collaborate to Make Observability More Accessible
Jan 31st 2025 10:30am, by Meredith Shubel
Mastering JavaScript Proxies and Reflect for Real-World Use
Feb 5th 2025 8:00am, by Zziwa Raymond Ian
Shifting Left: How SREs and Developers Can Finally Work in Sync
Jan 31st 2025 11:30am, by Matar Peles
Why Mocks Fail: Real-Environment Testing for Microservices
Jan 30th 2025 8:30am, by Anirudh Ramanathan
Securing the Software Supply Chain: A 2035 Blueprint 
Jan 30th 2025 6:24am, by Dan Lorenc
Building Autonomous Systems in Python with Agentic Workflows
Jan 29th 2025 7:00am, by Oladimeji Sowole
Hello, World! What Happened to the Inner Dev Loop?
Jan 31st 2025 6:04am, by Steve Rodda
Habits To Start Now To Become a Healthy Senior Coder
Jan 26th 2025 6:00am, by David Cassel
7 Tips for Building High-Performance Development Teams
Jan 23rd 2025 11:30am, by Brian Wald
Why You Should Reconsider Your 'Big Tech' Job in 2025
Jan 22nd 2025 11:00am, by Jennifer Riggins
The Future and the Floor: Framing Investments for Growth
Jan 10th 2025 11:28am, by Hannah Henderson
System Operators to Timekeepers: What Will Replace Leap Seconds?
Feb 2nd 2025 7:00am, by David Cassel
Hello, World! What Happened to the Inner Dev Loop?
Jan 31st 2025 6:04am, by Steve Rodda
Habits To Start Now To Become a Healthy Senior Coder
Jan 26th 2025 6:00am, by David Cassel
Developer Productivity: Why Some Incentives Fail
Jan 24th 2025 9:07am, by Steve Fenton
7 Tips for Building High-Performance Development Teams
Jan 23rd 2025 11:30am, by Brian Wald
Developers Unhappy With Tool Sprawl, Lagging Data, Long Waits
Feb 5th 2025 3:00pm, by Jennifer Riggins
How to Run an Effective Sprint Review
Feb 5th 2025 10:00am, by Ben Grimwade
Celebrating a Year of Commitment to CNCF Flux: Sustainability, Innovation, and Growth
Feb 4th 2025 11:00am, by Francesco Beltramini
The Engineer's Guide to Controlling Configuration Drift 
Feb 3rd 2025 8:00am, by Saqib Jan
Developers: The Last Line of Defense Against AI Risks
Feb 2nd 2025 9:00am, by Eyal Dyment
How Amazon EKS Auto Mode Simplifies Kubernetes Cluster Management (Part 1)
Jan 31st 2025 7:00am, by Janakiram MSV
Wasm Spin and SpinKube's Rocky Road to CNCF Sandbox Status
Jan 27th 2025 5:32am, by B. Cameron Gain
Return to PaaS: Building the Platform of Our Dreams
Jan 23rd 2025 8:30am, by Doug Sillars
How Oracle Is Meeting the Infrastructure Needs of AI
Jan 23rd 2025 6:00am, by Heather Joslyn
Make a Scalable CI/CD Pipeline for Kubernetes With GitHub and Argo CD
Jan 22nd 2025 10:30am, by Tinega Onchari
Slow Is Officially the New Down. So Now What?
Feb 5th 2025 9:01am, by Leo Vasiliou
Observability Isn't Enough. It's Time To Federate Log Data
Feb 4th 2025 9:00am, by Franz Knupfer
Best Practices for Monitoring Network Conditions in Mobile
Feb 4th 2025 6:00am, by Virna Sekuj and Hanson Ho
OTel, Elastic Collaborate to Make Observability More Accessible
Jan 31st 2025 10:30am, by Meredith Shubel
The Case for Telemetry Pipelines
Jan 31st 2025 8:01am, by Paige Cruz
Is Malware Hiding in Your Roblox Mods?
Jan 22nd 2025 1:00pm, by Poppaea McDermott
Istio Creators on Mistakes To Avoid for Any Project
Jan 1st 2025 7:00am, by B. Cameron Gain
The Feds Push WebAssembly for Cloud Native Security
Dec 20th 2024 6:49am, by B. Cameron Gain and Alex Williams
Tetrate, Bloomberg Collaborate on Envoy-Based AI Gateways
Oct 7th 2024 2:00pm, by Steven J. Vaughan-Nichols
Istio 1.23 Drops the Sidecar for a Simpler 'Ambient Mesh'
Aug 19th 2024 12:59pm, by Joab Jackson
API Management / Security

4 Essential Tools for Protecting APIs and Web Applications

There is a wide range of tools available to help organizations effectively protect their API-based solutions. Here are four essential API-focused security solutions every organization should have in place:
Oct 29th, 2020 10:30am by
Featued image for: 4 Essential Tools for Protecting APIs and Web Applications

Threat actors continue to evolve, developing new tools to effectively target expanding platforms, applications, and attack surfaces almost as soon as they are implemented. The entire range of solutions impacted by digital innovation is ripe for attack because many organizations tend to embrace new technologies before fully implementing a security strategy to protect them. The increasing reliance on Application Program Interfaces (APIs) to develop web applications and other services is a perfect example.

Increased Reliance on APIs Creates New Risks

Brian Schwarz
Brian Schwarz is Director of Product for Application Security at Fortinet. With over 20 years of experience working with networking and security solutions for the enterprise, Brian currently focuses on Fortinet’s Web application and API security solutions. Previously, Brian has held a variety of positions spanning product marketing, product management, technical marketing, and technical training for leading industry vendors.

APIs are sets of routines, protocols, and tools used for building software applications. In general, APIs enable programmers to easily interact with a programming language, software libraries, or other software tools. They are increasingly being used to develop new web applications that provide a richer, more responsive user experience, especially for mobile device users. They are also used to expose data “as a service” to internal users, external partners, and customers. In fact, 64% of organizations today create APIs for use in either internal or external use cases.

And as you might expect, cybercriminals are hot on the heels of this trend, developing and deploying attacks for which many organizations are singularly unprepared. Common API attacks include injection attacks, where malware is transferred into an API as part of a query or command, resulting in unauthorized access to information. DoS attacks aimed at APIs can render them unresponsive. API authentication and access controls can be broken. Even traditional man-in-the-middle attacks have been modified to exploit APIs. REST (Representational State Transfer) APIs are especially vulnerable as they use HTTP as their underlying protocol. The result is that corporate and customer data are at increased risk as long as organizations fail to implement security tools and strategies designed to protect the API infrastructure.

Addressing API Security Threats

Fortunately, there is a wide range of tools available to help organizations effectively protect their API-based solutions. Here are four essential API-focused security solutions every organization should have in place:

  1. Web Application Firewalls are the first line of defense for protecting APIs and web applications. They are explicitly designed to secure both traditional and API-based web applications. They not only supplement the signature-based defenses provided by firewalls and IPS platform protection, but unlike any other security solution, a WAF can also provide broad application protection. It does this because the WAF understands application logic as well as what elements exist in a web application, such as URLs, parameters, and even the cookies it uses. By monitoring application usage and behaviors, as well as through deep inspection, a WAF can build a baseline of normal behaviors for every application in use. The WAF  can then trigger actions to protect your applications, whether in your datacenter or in the cloud when anomalies arise. A WAF solution can also provide bidirectional defenses against malicious sources, DDoS attacks, and sophisticated threats targeting APIs and web applications, including SQL injection, cross-site scripting, buffer overflows, file inclusion, cookie poisoning, and many others.
  2. Bot Mitigation is essential since malicious botnets are a primary tool for delivering attacks targeting APIs. To quickly protect websites, mobile apps, and APIs from automated threats, some WAF solutions allow administrators to configure a bot mitigation feature that checks for more specific signatures, such as client events, and the occurrence of suspicious behaviors by regular clients.
  3. API Gateways provide a wide range of functions, such as traffic management, monitoring and logging, and API versioning. However, an API gateway should also include additional essential security functions, starting with authorization and authentication to maintain and secure a single point of entry for API access. This ensures that only authorized developers and administrators have access to API resources. Other security features should include API key verification, rate limit control, and call rewriting. It should also include dynamic attack signatures that enable it to identify threats targeted at APIs. Additional API security should include schema validation to validate API syntax and grammar, and API testing to determine if an API meets expectations for functionality, reliability, performance, and security.
  4. Anti-DDoS solutions must be able to detect threats targeting APIs since the fastest-growing category of DDoS attacks target Layer 7. These attacks only require a few megabits of packets to do as much harm as large-scale volumetric attacks consisting of hundreds of gigabits of data that are used to overwhelm servers and other devices. The challenge is that most Internet Service Providers (ISPs) focus on volumetric DDoS prevention and don’t have detection tools focused on detecting and intercepting these smaller, application-level threats, which means the attacks can frequently pass through to the network. And because of their size, they may also appear completely normal to most traditional in-house DDoS detection solutions. As a result, organizations need to ensure that their overall DDoS mitigation strategy includes the ability to detect and mitigate API-focused DDoS attacks.

Add API Security Defenses to Your Security Arsenal

While firewalls indeed remain the first line of defense in the data center, new threats targeting web applications and APIs require your security infrastructure to have new capabilities. Tools that rely on signature-based detection, IP reputation, and DPI can stop some — but not all — of the advanced threats that threaten today’s API-based applications and services. To provide a more complete solution, organizations need to include additional security tools, including web application firewalls, API gateways, and DDoS mitigation solutions. These tools are essential for protecting your data and users from a rising tide of sophisticated attacks targeting API-based resources.

TRENDING STORIES
Group Created with Sketch.
SHARE THIS STORY
TRENDING STORIES
TRENDING STORIES
TNS DAILY NEWSLETTER Receive a free roundup of the most recent TNS articles in your inbox each day.