October 30, 2016: Why the recent Internet of Things (IoT) attack is just the beginning
A few days ago we witnessed a new type of distributed denial of service (DDoS) incident. Unlike previous botnet attacks that enlisted compromised computers, this one corralled assorted unprotected devices like Internet-ready webcams, DVRs, and baby monitors to flood Domain Name System (DNS) servers, and thereby seriously degrade the Internet for hours. I’ll leave the explanation of the mechanics of this incident to more qualified commentators, but I do want to weigh in on why I think these types of events are very hard to combat and why I’m very skeptical about the hype around the Internet of Things (IoT).
We all (well, many of us) know how important it is to keep our computers and software patched and up-to-date; most people also get why firewalls are essential. But consider these facts about IoT devices:
- They’re being created for just about every industry. This diversity means that it’s much harder for the entire universe of vendors to agree on common security standards: defining safeguards for a heart pump is a little different than for a Web-ready washing machine. I’ve served on my share of standards committees: to say that they move slowly is an understatement!
- They have really short development cycles. IoT is shaping up to be a brutally competitive landscape. The winners will be those vendors that deliver solutions to market quickly. Designing and building strong security safeguards takes time, and time is money. The end result is that device protection takes a back seat to market pressures.
- There’s limited space for security software. Margins are very thin on hardware devices: security-focused onboard storage space adds costs that aren’t directly related to functionality.
- They frequently rely on APIs for communication. I’ve blogged about API security in the past. Suffice it to say that it’s a rare API that’s locked down properly.
- New models are always coming on the market. Here’s the really scary part: even if vendors do start getting their security act together, it will be years before today’s highly insecure devices get retired. Meanwhile, they’ll be standing by for their next set of DDoS orders.
July 25, 2016: Announcing Swagger training & certification
Whether they’re employed internally, externally, or both, APIs are vital assets that connect systems, streamline workflows, and make every type of integration possible. In fact, beyond strengthening operational efficiency and enabling cross-system communication, APIs now serve as competitive differentiators for many organizations. It’s no exaggeration to point out that renowned technology-driven businesses such as Uber, AirBnB, or eBay live and die on the quality and performance of their APIs, and this intense reliance is spreading across every industry.
Swagger – and its ecosystem of standards and products – is in the process of transforming the ways that APIs are designed, developed, tested, and supported. I’m happy to announce that my colleague Chris Riley has created an outstanding one-day training and certification program to help enterprises get the most out of Swagger.
Chris is a world-class expert on DevOps, Continuous Integration, and everything else related to how modern APIs are being created, and this deep knowledge comes across in his courseware. He also happens to be a great trainer who is committed to helping his students gain the proficiency they need.
Organizations can send individuals to public Webinars, schedule a private Webinar, or even have an instructor deliver the class onsite. To learn more, visit SmartBear’s registration page.
July 1, 2016: Helpful REST API 101 guide available online
For software developers and architects tasked with creating programmatic interfaces to their applications, there’s been a longstanding debate between utilizing the structure and standards of SOAP-based Web services versus offering the freedom and flexibility of REST APIs.
In the midst of all these deliberations, I’ve observed a great deal of confusion about what, exactly, defines a REST API. SmartBear has come up with a helpful resource that provides a nice overview of the origins, attributes, and goals of REST APIs. You can view the guide here.
If you’re interested in learning more about REST API design, development, and testing, check out my other postings on the subject.
February 29, 2016: Comprehensive API survey now available from SmartBear
I’ve been designing, developing, testing, and optimizing APIs for many years. I’m encouraged by the increasing amounts of attention that these critical enterprise assets are now garnering.
SmartBear has recently conducted an all-encompassing survey of more than 2,300 developers, testers, IT/operations professionals and business leaders representing over 50 different industries and 104 countries. This is essential reading for anyone seeking to learn more about the state of the API landscape.
It covers topics such as:
- API technology and tool trends
- Top opportunities and challenges in the API space
- API development and delivery approaches
- API consumer expectations and priorities
- Keys to ensuring API quality and optimizing performance
You can download this excellent resource here.
December 29, 2015: Free data-driven API testing eBook is now available
I recently had the pleasure of co-hosting a data-driven API testing Webinar with Paul Bruce from SmartBear. I’ve compiled the recommendations we made during this event into a free eBook which you can now download. A special thanks to Kim Salmon from SmartBear for her help in getting the book developed and published!
November 30, 2015: New training course for API performance testing using LoadUI NG Pro
As a longtime user, trainer, and consultant for SmartBear’s excellent SoapUI API functional testing software, I’m happy to announce the availability of a new companion course dedicated to mission-critical API performance testing using LoadUI NG Pro.
LoadUI NG Pro is one of the four components that comprise the superb Ready! API platform (the others are SoapUI NG Pro, Secure Pro, and ServiceV Pro), and I believe it has the potential to revolutionize how businesses ensure that their APIs are production-ready.
The hands-on class – which is offered either as a private Webinar or private onsite delivery, and can be paired with site-specific consulting – covers a wide variety of essential subjects:
- Ready! API Platform & LoadUI NG Pro Architecture
- Load Testing Concepts & Best Practices
- Designing and Developing a Load Test
- Running a Load Test
- Analyzing Results
If you’d like to get a detailed syllabus and learn more about the course, please email me and I’ll put you in touch with SmartBear.
November 3, 2015: Data-Driven API testing Webinar recording now available