Introducing Deno Sandbox
Deno Sandbox is a new hosted sandbox service from Deno Deploy, allowing secure code execution with features like secret management and resource limits.
A security vulnerability in Claude Cowork allowed file exfiltration via the Anthropic API, bypassing default HTTP restrictions.
Security researchers found a vulnerability in Claude Cowork allowing data exfiltration via the Anthropic API, bypassing default HTTP restrictions.
A practical guide to implementing essential API security best practices in Spring Boot, including HTTPS, JWT authentication, authorization, and rate limiting.
Explains rate limiting strategies in ASP.NET Core, including fixed window, sliding window, token bucket, and concurrency limiters.
A guide to implementing passwordless, cross-tenant authentication for Azure API Management using Managed Identities and Federated Credentials.
Argues against using API keys for securing enterprise AI tools like LLMs and agents, highlighting security flaws and recommending better alternatives.
A security researcher discovers goHardDrive exposed thousands of customer records via an insecure RMA status check form with no authentication.
AI agents' autonomous and probabilistic nature forces stricter security and authorization models, breaking traditional microservice assumptions.
Argues that APIs should not redirect HTTP to HTTPS, but instead disable HTTP or return errors, to prevent accidental unencrypted data exposure.
Microsoft integrates Azure Web Application Firewall (WAF) with Copilot for Security, enhancing threat detection and analysis for web apps and APIs.
Using Azure API Management to protect JSON REST APIs by validating payloads against a JSON schema and enforcing size limits.
A guide on using Ollama's Modelfile to create and deploy a custom large language model (LLM) for specific tasks, like an API security assistant.
Using Azure API Management to control API access and validate parameters per team, securing an Azure Function for DevOps agent management.
A curated list of key Microsoft Build 2023 sessions for ANZ developers, focusing on AI, cloud development, .NET, and DevOps.
Explores rate limiting concepts for web apps, covering why it's needed, algorithms, and implementation strategies with .NET examples.
A guide to securing Node.js and .NET APIs using Azure Active Directory, covering Terraform setup, JWT validation, and a PowerShell test client.
Exploring client-side certificates as a simpler, more secure alternative to OAuth for API authentication.
Explains the importance of checking delegated and application permissions in Azure AD access tokens for API security, with ASP.NET Core examples.
A tutorial on implementing JWT (JSON Web Token) authentication in a Django REST Framework application, covering setup, token usage, and refresh logic.