How to Secure an API - Tips for REST + JSON Developers
At the Silicon Valley Java Users Group, our CTO Les Hazlewood gave a presentation on API Design. Since we get so many questions about API Security, I thought developers might want to see the excerpted...
Five Steps to Password Security - Developer Best Practices Video
We see a lot of common mistakes in password security. From storing plaintext passwords (IEEE) to not salting user passwords (LinkedIn) to using insufficient hashing algorithms like SHA-1. In this video,...
Beautiful REST + JSON APIs with JAX-RS and Jersey
Designing and building a really clean and intuitive REST API is no small feat. You have to worry about resources, collections of resources, pagination, query parameters, references to other resources,...
Password Security The Right Way
Password security - not the most exciting part of your app. Because it's complicated to build well, time-consuming to maintain securely, and because attacks are escalating through cloud technologies,...
More Partridges in the Pear Tree
Welcome to our newest teammates! Recruiting is in full swing here at the Death Star - Kelsey, Keli, Jose and Brent recently joined Team Stormpath. (Jose could not make the photo session, but found a...
CAS 3.5 Integration with Stormpath
The team over at Unicon recently released a CAS AddOns Project, which handily includes integration with Stormpath as a primary authentication source for CAS servers. We have had a ton of requests from...
Password Breach? That'll Be $172,000,000 Please
UK authorities have just slapped Sony Playstation with a $400,000 fine for their massive password breach in 2011. That $400k is nothing compared to the total cost. Sony reported an estimated outlay of...
Stormpath Named One of CSO Online's Best Security Tools
CSO Online recently asked information and network security pros to name the best free software tools. Guess who made the list! Didn't know we have a free edition? REST assured, any developer can use the...
Stormpath Rising
Today we announced $8.2M in Series A financing. It’s a big achievement for our team and a huge commitment to our vision and customers. Most importantly, it’s fuel: fuel to recruit the best people,...
Stormpath Launches Enhanced API
Last week, amid the hoopla of our fundraising announcement, we ended Private Beta and released major enhancements to the API. Many of these came from user feedback. In the coming months, we will be...
Stormpath Python SDK Lands at Pycon
Stormpath landed at PyCon last week with a shiny new Python SDK and five team members looking for Pythonista feedback. After our action-packed February, expectations for the conference were high—and...
Long Live The Password
Last year Microsoft Research posted a great paper[1] on passwords in an attempt to answer the question, “After 40 years of security research, why is the password still dominant?” Surprisingly, most...
Secure Your REST API... The Right Way
We already showed you how to build a Beautiful REST+JSON API, but how do you secure your API? At Stormpath we spent 18 months researching best practices, implementing them in the Stormpath API, and...
How We Increased New User Registration 27%
When we launched Alpha testing for Stormpath last year, there was a worthy debate about what would be the best signup flow. We wanted to ensure potential attackers wouldn’t be able to create dummy...
To PUT or POST?
Create, Update and HTTP Idempotence
For developers building REST-based APIs, there is a great deal of misinformation and some understandable confusion about when to use HTTP PUT and when to use HTTP...
Reputation.com Loses User Passwords, Emails, and Addresses
...or How To Report Password Attacks
Reputation.com just reported a security breach to users, with the email below. There are some great takeaways here for reporting breaches to your users: Be specific...
5 Myths of Password Security
High profile database breaches aren’t a daily thing just yet, but they’re certainly not rare. Linode’s recent system-wide password reset and Scribd's account compromises were announced just nine days...
Stormpath Community Roundup - Tasty Biscuits Edition
Today is National Buttermilk Biscuit Day. Biscuits fill me with joy, as do community integrations, so here's a post packed with deliciousness from the amazing people in the Stormpath community. (First,...
Linking and Resource Expansion: REST API Tips
While the specifications for both XML (via XLink) and HTML (via anchor tags, the “a” element) have hypertext references built into their respective specifications, there is no such JSON-specific...
2013 Social Login Best Practices
One of the alarming things we hear is that social integration is an easy way to deploy basic user management, on a service that will maintain all the security and hosting (in theory). There are some...