Latest Blog Posts

How to Configure DSA Replication for Symantec SiteMinder Policy Store Using Symantec Directory in UNIX/Linux

Symantec Directory is a proven next-generation virtual directory server that provides a standards-based distribution model, replication model, and overall higher performance. Multiwrite-DISP replication is the recommended method of replication with Symantec Directory because it combines the efficiency of multiwrite when DSAs are online, with the strength of DISP to allow the DSAs to recover after

A Step-By-Step Guide to Symantec SiteMinder Access Gateway Apache Ghostcat Patch Procedures in UNIX/Linux

Per Symantec SiteMinder upgrades, in Release 12.8 through 12.8.03, Broadcom addresses the CVE-2020-1938 vulnerability (the Ghostcat vulnerability) in Apache Tomcat through the latest SiteMinder patch for the Access Gateway in your environment. This guide is designed to help users who will be implementing the Ghostcat patch, provide the necessary steps to implement it, and address verification

How to Setup Integrated Windows Authentication Using IIS and Layer7 Symantec SiteMinder Web Agent

Integrated Windows Authentication (IWA) is a proprietary mechanism developed by Microsoft to validate users in pure Windows environments. For Integrated Windows Authentication, it is IIS that does the authentication, not Symantec SiteMinder. SiteMinder Web Agent does not do any authentication for IWA—SiteMinder Web Agent trusts the credentials accepted by IIS and sends them to

Differences and Enhancements Between API Developer Portal 3.5 (Classic) vs 4.X (Latest)

CA/Broadcom API Developer Portal (API Portal) allows API owners to control how APIs are published, enables consumers to discover what services are available, and helps operations teams monitor API performance. API Portal simplifies API integration and discovery for developers and provides them with access to enterprise data to build apps fast. Relationships with developers, partners,

How To Mitigate OWASP API Security Top 10 Vulnerabilities in Layer7 API Gateway: Lack of Resources & Rate Limiting

The API Security project focuses on strategies and solutions to understand and mitigate the unique vulnerabilities and security risks of APIs. The Top Ten security threats include:
1. Broken Object Level Authorization
2. Broken Authentication
3. Excessive Data Exposure
4. Lack of Resources and Rate Limiting
5. Broken Function Level Authorization
6. Mass Assignment
7. Security Misconfigurations
8. Injection
9. Improper Asset Management
10.

How to Mitigate OWASP API Security Top 10 Vulnerabilities in Layer7 API Gateway: Broken Function Level Authorization

The API Security project focuses on strategies and solutions to understand and mitigate the unique vulnerabilities and security risks of APIs. The Top Ten security threats include:
1. Broken Object Level Authorization
2. Broken Authentication
3. Excessive Data Exposure
4. Lack of Resources and Rate Limiting
5. Broken Function Level Authorization
6. Mass Assignment
7. Security Misconfigurations
8. Injection
9. Improper Asset Management
10.

How To Configure Layer7 API Gateway for Symantec Siteminder Integration

Symantec SiteMinder is one of the most effective methods of better protecting APIs against unauthorized access. SiteMinder protects URLs, and API endpoints are exactly that – URLs. This guide is designed to detail how to set up and configure the integration with SiteMinder and build a policy that uses SiteMinder to protect an API endpoint

How To Get Layer7 API Gateway FIPS Compliant

The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard that defines minimum security requirements for cryptographic modules in information technology products, as defined in Section 5131 of the Information Technology Management Reform Act of 1996. The Layer7 API Gateway appliances, as of version 10, do not allow FIPS to be enabled

A Beginner’s Guide to Layer7 API Gateway Policy Writing

Your organization has acquired the Layer7 API Gateway, and you are ready to take advantage of its capabilities to improve your API management and protect your APIs. Below, we’ve put together a comprehensive guide to Layer7 API Gateway policy writing for the complete beginner, which walks through the basic concepts of the Layer7 API Gateway

How To Mitigate OWASP API Security Top 10 Vulnerabilities in Layer7 API Gateway: A8-Injection

The API Security project focuses on strategies and solutions to understand and mitigate the unique vulnerabilities and security risks of APIs. The Top Ten security threats include:
1. Broken Object Level Authorization
2. Broken Authentication
3. Excessive Data Exposure
4. Lack of Resources and Rate Limiting
5. Broken Function Level Authorization
6. Mass Assignment
7. Security Misconfigurations
8. Injection
9. Improper Asset Management
10. Insufficient

How To Mitigate OWASP API Security Top 10 Vulnerabilities in Layer7 API Gateway: Excessive Data Exposure

The API Security project focuses on strategies and solutions to understand and mitigate the unique vulnerabilities and security risks of APIs. The Top Ten security threats include:
1. Broken Object Level Authorization
2. Broken Authentication
3. Excessive Data Exposure
4. Lack of Resources and Rate Limiting
5. Broken Function Level Authorization
6. Mass Assignment
7. Security Misconfigurations
8. Injection
9. Improper Asset Management
10. Insufficient
