The latest news and announcements about Kong, our products, and our ecosystem, as well as voices from across our community.
At Kong, the security and reliability of our products have always been paramount. In light of the recent discovery of the Novel HTTP/2 ‘Rapid Reset’ DDoS attack ( CVE-2023-44487 ), we have taken steps to proactively address potential issues. Today we’re providing guidance on how our users can best…
[](/blog/product-releases/novel-http2-rapid-reset-ddos-vulnerability-update)
In today’s modern digital environment, more organizations are relying on remote work than ever before. While this shift has given companies unprecedented flexibility when it comes to deploying their workforce, it has also presented challenges in keeping their devices, operations, and personnel…
[](/blog/engineering/ztna-vs-vpns)
When it comes to digital identity, OpenID and OAuth are two peas in a pod, but they have their differences. OpenID connects you to relying parties using a single sign-on, while OAuth grants access tokens so you can give apps limited access. They both make authentication simple, seamless, and…
[](/blog/engineering/openid-vs-oauth-what-is-the-difference)
In the ever-evolving landscape of digital business operations, staying ahead of the curve requires constant adaptation and innovation. Kong Mesh 2.4 contains several enhancements to help your organization's infrastructure be more efficient. In this blog post, we’ll explore the key benefits of Kong…
[](/blog/product-releases/kong-mesh-2-4)
APIs serve as the foundation for how software systems and services communicate and exchange data. But unmanaged and unsecured APIs can open up massive vulnerabilities that lead to disastrous security breaches and data leaks without proper governance. With API-related attacks increasing — and set…
[](/blog/enterprise/reduce-api-security-risks-with-standardized-governance)The Open Web Application Security Project (OWASP for short) is a not-for-profit entity devoted to improving the security of software. Founded in 2001, OWASP is a global organization that supports thousands of volunteers globally to produce freely available articles, documentation, tutorials, and…
[](/blog/engineering/owasp-top-10-api-security-2023)
Modern organizations rely on APIs to power their digital customer experiences. This can lead to stronger brand loyalty and higher revenues — if they play their cards right. The driving factor in delivering personalized content is connectivity to more applications, systems, and data sources. That…
[](/blog/enterprise/how-to-choose-an-api-gateway)APIs have revolutionized every industry. They fuel digital transformation and power the web, making up more than 83% of global internet traffic. And API adoption will only grow, with AI, Web3 , and decentralization only further driving API usage and integration. But these sometimes-overlooked…
[](/blog/enterprise/apis-are-mission-critical)The world of financial services is driven by digital experiences. Over the last 20 years, virtually all banking activities have been taken online (an unfortunate change only for fans of pneumatic tubes and pens on beaded chains). Like other industries that have undergone digital transformation,…
[](/blog/enterprise/api-security-management-fintech)
Kong is proud to announce the release of the latest version of Kong Mesh 2.3. In this release, Kong Mesh continues to build upon the enterprise-grade service mesh in the critical areas of, security, flexibility, and resiliency. As organizations continue to leverage APIs to deliver digital…
[](/blog/product-releases/kong-mesh-2-3)
The concept of Zero Trust is based on the belief that no internal network or system can be fully trusted. Traditional network architectures, such as a perimeter-based model, rely on distinguishing between internal and external networks. However, this approach is flawed because internal networks can…
[](/blog/enterprise/what-is-zero-trust-security)
If you landed on this blog post, chances are that you care about keeping your API secure. It's an important topic to discuss: API exploits are on the rise, and you don't want unauthorized users accessing your data. A big part of that security is implementing API authentication and API…
[](/blog/engineering/api-authentication-vs-api-authorization)
Today we're pleased to announce a new strategic partnership and resale agreement with Imperva . Imperva customers will now be able to directly license Kong Enterprise, the fastest, most feature-rich, and secure API management solution. In addition, Kong customers will be able to use the Imperva API…
[](/blog/news/imperva-kong-cybersecurity)
Red Hat OpenShift is the industry's leading enterprise Kubernetes platform that runs ubiquitously across on-prem, and the cloud. With Red Hat OpenShift Service on AWS (ROSA) , a managed Red Hat OpenShift platform that runs natively on AWS, it is even easier to get kick-started on an…
[](/blog/engineering/apisecops-tutorial)
In this post, we'll talk about what API SecOps is, including the fundamentals of it and the personas involved. Then, we'll discuss how API, microservice, and policy lifecycles integrate to produce a secure service in production, and why collaboration and API-First Design are essential for APISecOps…
[](/blog/engineering/apisecops)Secure your AI infrastructure with prompt guards, PII sanitization, and centralized governance. Control LLM costs with token-based rate limiting and semantic routing across providers.