As discussed in previous posts, it's important for app developers and API providers to understand how to protect users, apps, and APIs from abuse and how to deal with malicious attacks when they happen. It's also important to think about how to design protection systems to optimize impact on abusers while minimizing impact on legitimate users.
In my last post I looked at some of the ways malicious users can attack your apps and APIs and ways to mitigate the risk of attack. This time we'll look at some more ways to push back against attackers.
When a malicious user or app is detected, the user or the app can be blocked, throttled or denied service. The confidence in the "maliciousness" of an app or a user can be used to take service denial actions or even to reduce the QoS available for such users and apps. Similarly, end users should be notified about actions...
Abusers or spammers are the bad guys looking to make money by getting unsuspecting end users or consumers of online services to interact with malicious content or spam that leads to one or more of the following scenarios:
- Eyeballs on spam content that lead to clicks and purchases.
- Gathering users’ private information through keyloggers (or other spyware) on the user’s machine or device, which is then sold to the highest bidder.
- Phishing for users’ private information such as SSN, credit card #, or passwords and selling those to the highest bidder.
- Installing malicious software on users’ machines or devices, which in turn steals more of their information or uses their bandwidth or storage for carrying out further attacks.
Any workflow that creates or consumes content, shares or reshares content, sends or receives communications can be vulnerable to attack. This post discusses how to protect your assets and APIs.
Want to launch your API with a bang? Or get more internal adoption?
Hack Days (or Hackathons) give developers a day off to build anything they can dream up. No rules. At the end of the day, developers demo for glory and free beer.
If your API is only available to developers inside the company - even more reason. Why?
- Get the word out - Hack Day is a high profile way to drive adoption and build grass-roots excitement internally....
TechCrunch recently posted on a Juniper report on “Mobile Location Based Services.” This report taps into the potential for this new wave of powerful apps – like letting your phone geotag the video you just took and posting it to Facebook with a Google Maps link; one-button dial to a nearby restaurant discovered through your social network; or dynamically billing for high-value media content via the operator.
Companies like Google, Foursquare, and Nokia are mentioned as being at the forefront of many of these services.
But don't forget the Telcos - they have rich location based services with network...