nginx

Securing Your API Ecosystem with the NGINX Controller API Management Module “Sensitive data exposure” by APIs is #3 on the OWASP Top 10 Application Security Risks list, and there’s no shortage of real‑world examples. In July 2018, Salesforce revealed that an update to its Marketing Cloud service introduced an API bug that might have caused API calls to retrieve or write data from one customer’s account to another’s. At Venmo, a popular payment application owned by PayPal, a poorly secured public API allowed a massive data leak, exposing more than 207 million transactions. According to Gartner, by 2022 API abuses will be the leading attack vector for data breaches within enterprise Web applications. Security is a key element of API lifecycle management. Given that weak API security can leave you exposed to critical vulnerabilities, API security must be built into the [ more… ]

Do I Need a Service Mesh? “Service mesh” is a red‑hot topic. It seems that every major container‑related conference last year included a “service mesh” track, and industry influencers everywhere are talking about the revolutionary benefits of this technology. However, as of early 2019, service mesh technology is still immature. Istio, the leading implementation, is not yet ready for general enterprise deployment and only a handful of successful in‑production deployments are running. Other service mesh implementations also exist, but are not getting the massive mindshare the industry pundits say that service mesh deserves. How do we reconcile this mismatch? On the one hand, we hear “you need a service mesh”, and on the other hand, organizations have been running applications successfully on container platforms for years without one. Getting Started with Kubernetes Service mesh is a milestone on your journey, [ more… ]

NGINX to Join F5: Proud to Finish One Chapter and Excited to Start the Next I’m incredibly excited that today we announced NGINX has signed a definitive agreement to be acquired by F5. While there will be a lot of press and formal announcements explaining the reasoning behind the decision, I wanted to share a few words of my own. We’ve built an incredible company, which led to today’s event. As I reflect on how we achieved this success, I landed on three key themes: technology, family, and vision. How We Got Here: Technology, Family, and Vision At the core of NGINX’s success is the amazing technology that Igor Sysoev wrote back in 2002. His decision to open source this technology literally changed the world. You may not see it that way, but the honest truth is that over my [ more… ]

Simplifying API Definition with the NGINX Controller API Management Module API lifecycle management begins with planning, designing, and defining APIs. This blog spotlights how easy the NGINX Controller API Management Module makes it to define APIs and publish them to NGINX Plus API gateways. Many API management tools require you to create a separate definition of a given API for each different deployment environment. With the NGINX Controller API Management Module, you define an API just once and publish it to as many environments as you want. This “create once, publish many” approach eliminates user errors as well as saving time and effort, especially if you have to define a lot of APIs. The API Management Module provides a logical framework for defining APIs and the associated configuration. Let’s go through each logical entity. Defining the Entry Point The entry point for an [ more… ]