APIs power everything from internal systems to customer-facing products, but managing them at scale is no longer ...

The modern enterprise software landscape demands professionals who can seamlessly navigate the complexities of full-stack ...

A deep dive into implicit identity authentication methods for software development, covering oauth 2.0 flows, security risks, and modern alternatives for single-page applications.

A deep dive comparing API Keys, OAuth 2.0, JWT, and HMAC for CTOs. Learn which api authentication method fits your enterprise SSO and IAM strategy.

A new variation of the ClickFix scam tries to get around phishing defenses by capturing an employee’s OAuth authentication token for Microsoft logins. Researchers at Push Security this week outlined ...

As 2025 draws to a close, security professionals face a sobering realization: the traditional playbook for web security has become dangerously obsolete. AI-powered attacks, evolving injection ...

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many ...

A security researcher said flaws in a carmaker’s online dealership portal exposed the private information and vehicle data of its customers, and could have allowed hackers to remotely break into any ...

As awareness grows around many MFA methods being “phishable” (i.e. not phishing resistant), passwordless, FIDO2-based authentication methods (aka. passkeys) like YubiKeys, Okta FastPass, and Windows ...