The latest news and announcements about Kong, our products, and our ecosystem, as well as voices from across our community.
The Open Web Application Security Project (OWASP for short) is a not-for-profit entity devoted to improving the security of software. Founded in 2001, OWASP is a global organization that supports thousands of volunteers globally to produce freely available articles, documentation, tutorials, and…
Modern organizations rely on APIs to power their digital customer experiences. This can lead to stronger brand loyalty and higher revenues — if they play their cards right. The driving factor in delivering personalized content is connectivity to more applications, systems, and data sources. That…
APIs have revolutionized every industry. They fuel digital transformation and power the web, making up more than 83% of global internet traffic. And API adoption will only grow, with AI, Web3 , and decentralization only further driving API usage and integration. But these sometimes-overlooked…
The world of financial services is driven by digital experiences. Over the last 20 years, virtually all banking activities have been taken online (an unfortunate change only for fans of pneumatic tubes and pens on beaded chains). Like other industries that have undergone digital transformation,…
Kong is proud to announce the release of the latest version of Kong Mesh 2.3. In this release, Kong Mesh continues to build upon the enterprise-grade service mesh in the critical areas of, security, flexibility, and resiliency. As organizations continue to leverage APIs to deliver digital…
The concept of Zero Trust is based on the belief that no internal network or system can be fully trusted. Traditional network architectures, such as a perimeter-based model, rely on distinguishing between internal and external networks. However, this approach is flawed because internal networks can…
If you landed on this blog post, chances are that you care about keeping your API secure. It's an important topic to discuss: API exploits are on the rise, and you don't want unauthorized users accessing your data. A big part of that security is implementing API authentication and API…
Today we're pleased to announce a new strategic partnership and resale agreement with Imperva . Imperva customers will now be able to directly license Kong Enterprise, the fastest, most feature-rich, and secure API management solution. In addition, Kong customers will be able to use the Imperva API…
Red Hat OpenShift is the industry's leading enterprise Kubernetes platform that runs ubiquitously across on-prem, and the cloud. With Red Hat OpenShift Service on AWS (ROSA) , a managed Red Hat OpenShift platform that runs natively on AWS, it is even easier to get kick-started on an…
In this post, we'll talk about what API SecOps is, including the fundamentals of it and the personas involved. Then, we'll discuss how API, microservice, and policy lifecycles integrate to produce a secure service in production, and why collaboration and API-First Design are essential for APISecOps…
In the Dev Portal world, offering users the ability to use their own domain is a milestone on our way to fully customized Dev Portals. Since Konnect-hosted portals are fronted by a Kong gateway, we looked to use our own plugins to achieve this feature. The ACME plugin is an open-source Kong plugin…
We’re excited to announce new features in Kong Konnect , including the ability to take advantage of identity management APIs, streamlined certificate management, and latency metrics as part of Analytics . Read on to learn about these features and how kong helps future-proof API security . Now you…
Security best practices remain a top priority for enterprises, especially as high-profile hacks and cybersecurity breaches pose increased risks. According to the 2022 Morgan Stanley CIO survey , IT spending is expected to reach 4.4%, with cloud computing and security software as the leading…
A microservice -based system can consist of dozens or even hundreds of individual services communicating with each other via APIs . While its possible for a client be that a web browser, application or IoT device to make requests to the relevant microservice directly, this approach has a number of…
If the connection from clients to your API gateway isn't encrypted, all messages you send and receive are out in the open for all to read. In looking for a way in, attackers will make use of all features of an API, even the undocumented ones; security by obscurity is not a realistic defense…
Secure your AI infrastructure with prompt guards, PII sanitization, and centralized governance. Control LLM costs with token-based rate limiting and semantic routing across providers.