EAI Endorsed Transactions on Cloud Systems https://publications.eai.eu/index.php/cs <p>The EAI Endorsed Transactions on Cloud System (ToCS) is an international venue for publishing innovative and cutting edge results on the convergence of next-generation technologies and methodologies reshaping our way of living. The emerging converged platform for growth and innovation is built on four technology pillars: mobile computing, cloud services, big data and analytics, and social networking.</p> <p><strong>INDEXING</strong>: DOAJ, CrossRef, Google Scholar, ProQuest, EBSCO, CNKI, Dimensions</p> <p> </p> en-US <p>This is an open access article distributed under the terms of the <a href="https://creativecommons.org/licenses/by-nc-sa/4.0/">CC BY-NC-SA 4.0</a>, which permits copying, redistributing, remixing, transformation, and building upon the material in any medium so long as the original work is properly cited.</p> publications@eai.eu (EAI Publications Department) publications@eai.eu (EAI Support) Tue, 17 Oct 2023 09:11:32 +0000 OJS 3.3.0.17 http://blogs.law.harvard.edu/tech/rss 60 Application Programming Interface (API) Security in Cloud Applications https://publications.eai.eu/index.php/cs/article/view/3011 <p>Many cloud services utilize an API gateway, which enables them to be offered to users through API platforms such as Platform as a Service (PaaS), Software as a service (SaaS), Infrastructure as a Service (IaaS) and cross-platforms APIs. APIs are designed for functionality and speed by developers who write a small portion of code, which has visibility and is secure. The code that is created from third-party software or libraries has no visibility, which makes it insecure. APIs are the most vulnerable points of attack, and many users are not aware of their insecurity. This paper reviews API security in cloud applications and discusses details of API vulnerabilities, existing security tools for API security to mitigate API attacks. The author’s study showed that most users are unaware of API insecurity, organizations lack resources and training to educate users about APIs, and organizations depend on the overall security of the network instead of the security of standalone APIs.</p> Farhan Qazi Copyright (c) 2023 Farhan Qazi https://creativecommons.org/licenses/by-nc-sa/4.0 https://publications.eai.eu/index.php/cs/article/view/3011 Tue, 17 Oct 2023 00:00:00 +0000