API Evangelist Partners

These are my partners who invest in API Evangelist each month, helping underwrite my research, and making sure I'm able to keep monitoring the API space as I do.


3scale makes it easy to open, secure, distribute, control and monetize APIs, that is built with performance, customer control and excellent time-to-value in mind.


Runscope is a SaaS-based company that provides solutions for API performance testing, monitoring and debugging.


Tyk is an open source API Gateway that is fast, scalable and modern, and offers an API management platform with an API Gateway, API analytics, developer portal and API Management Dashboard.


Restlet is providing the fastest and easiest API-First Platform as a Service that developers and non-developers working on API projects can use.


DreamFactory Software develops and markets a technology that enables developers to connect modern mobile applications to enterprise back-end infrastructure in the cloud.

API Encryption News

These are the news items I've curated in my monitoring of the API space that have some relevance to the API definition conversation and I wanted to include in my research. I'm using all of these links to better understand how the space is testing their APIs, going beyond just monitoring and understand the details of each request and response.

Title Source Visit
Dissecting TLS Using Wireshark (2017-05-12) blog.catchpoint.com
SSAGOV To Require Stronger Authentication (2017-05-10) krebsonsecurity.com
UK surveillance law still fuzzy on decryption rules for comms providers (2017-05-05) techcrunch.com
UK seeks end to endtoend encryption (2017-05-05) www.pcworld.com
Create a SelfSigned SSL Certificate Using OpenSSL (2017-05-04) dzone.com
Establishing a TLS Connection Part 4 (2017-05-03) dzone.com
TLSSSL Explained TLSSSL Certificates Part 3 (2017-05-02) dzone.com
Tweet Now in the Cloudflare TLS stack Client Authentication httpstcopCxQNSZ29B httpstcoksZ4s2B670 (2017-05-01) twitter.com
ServerSide Encryption for Amazon Simple Queue Service SQS (2017-05-01) aws.amazon.com
Introducing TLS with Client Authentication (2017-05-01) blog.cloudflare.com
How to establish strong microservice security using SSL TLS and API gateways (2017-04-27) www.techrepublic.com
mbedTLS SSL Certificate Verification With Mosquitto lwIP and MQTT (2017-04-26) dzone.com
W3C Launches FrontEnd Developer Certificate (2017-04-26) www.programmableweb.com
The Long Slog To Getting Encryption Right (2017-04-14) www.darkreading.com
Amazon Athena adds support for Querying Encrypted Data (2017-04-14) aws.amazon.com
Amazon Adds Cross Region and Encrypted Replication Support for Aurora (2017-04-13) www.infoq.com
Hewlett Packard Enterprise touts encryption tool for federal clients (2017-04-13) thehill.com
DotGov Domain Registration Program to Provide HTTPS Preloading in May (2017-04-12) www.digitalgov.gov
Encryption In Automation (2017-04-11) blog.opto22.com
BetterTLS A Name Constraints test suite for HTTPS clients (2017-04-10) techblog.netflix.com
AWS Lambda Encrypted Environment Variables (2017-04-06) dzone.com
23 of Security Pros are Blind to Encrypted Traffic Threats (2017-04-06) www.itsecurityguru.org
Activists Need to Watch Out for Fake Encryption Keys (2017-04-05) motherboard.vice.com
Encryption Policy and Freedom of the Press (2017-04-04) www.schneier.com
Google Slams Symantec for Failures in SSLTLS Certificate Process (2017-03-24) www.darkreading.com
FBI director floats international framework on access to encrypted data (2017-03-23) www.pcworld.com
The Encryption Debate in Europe (2017-03-21) www.lawfareblog.com
GitHub Uses Broken Cryptography But It Has a Plan (2017-03-21) motherboard.vice.com
Announcing Free and Automated SSL Certs For All Paid Dynos (2017-03-21) blog.heroku.com
HTTPS Interception Weakens TLS Security (2017-03-17) www.us-cert.gov
Google Cloud adds new customersupplied encryption key partners (2017-03-15) www.zdnet.com
Eclipse Plugins via HTTPS and Lets Encrypt (2017-03-13) dzone.com
Critical Vulnerability Uncovered in JSON Encryption (2017-03-13) blogs.adobe.com
Continuously Encrypt Amazon Redshift Loads with S3 KMS and Lambda (2017-03-10) dzone.com
API Gateway now integrates with Amazon Certificate Manager (2017-03-09) aws.amazon.com
Researchers find major flaws in encrypted chat app popular in WH (2017-03-08) thehill.com
No you shouldnt delete Signal or other encrypted apps (2017-03-07) techcrunch.com
Googles SHA1 Countdown Clock Could Undermine Enterprise Security (2017-03-07) www.darkreading.com
Partnering on open source Google and HashiCorp engineers on managing GCP infrastructure (2017-03-02) cloudplatform.googleblog.com
Google shifts on email encryption tool leaving its fate unclear (2017-02-27) www.pcworld.com
Tweet New on the AWSIdentity blog s2n is now handling 100 percent of SSL traffic for Amazon S3 httpstcof52Zjzbvm3 httpstcoUuVOLH2zD6 (2017-02-24) twitter.com
Announcing the first SHA1 collision (2017-02-24) security.googleblog.com
SHA1 Has Been Compromised In Practice (2017-02-24) auth0.com
E2EMail research project has left the nest (2017-02-24) security.googleblog.com
Tweet No 1Password data was put at risk through the bug reported earlier today httpstcoS7G62Qw85Q (2017-02-23) twitter.com
Using SSL for InTransit Data Encryption to Improve MySQL Security (2017-02-23) dzone.com
Security researchers announce first practical SHA1 collision attack (2017-02-23) techcrunch.com
Stop using SHA1 encryption Its now completely unsafe Google proves (2017-02-23) www.pcworld.com
Google Dutch institute crack key internet security standard (2017-02-23) www.reuters.com
Google Researchers Shatter SHA1 Hash (2017-02-23) www.darkreading.com
Steptoe Cyberlaw Podcast A Tale of RSA (2017-02-22) www.lawfareblog.com
EFF Half of web traffic is now encrypted (2017-02-22) techcrunch.com
An Overview of the Public Key Infrastructure Parameters and Standards (2017-02-20) resources.infosecinstitute.com
SSL Proxy Splunk NGINX (2017-02-20) blogs.splunk.com
Riseup Will Encrypt All Emails to Prevent FBI Searches (2017-02-17) motherboard.vice.com
GOP reps demand investigation of EPA employees using encrypted chat (2017-02-15) thehill.com
Encryption Apps Help White House Staffers Leakand Maybe Break the Law (2017-02-15) www.wired.com
Wickr Releases Crypto Protocol on GitHub (2017-02-15) www.pcmag.com
You can now use Signal for encrypted video calls (2017-02-14) techcrunch.com
FBI official No immediate changes to encryption policy under Trump (2017-02-08) thehill.com
Tokenization vs Encryption Understanding the Difference (2017-02-08) dzone.com
Encryption of data 039manageable039 for law enforcement think tank says (2017-02-08) thehill.com
Setting up GitLab Pages with CloudFlare Certificates (2017-02-07) about.gitlab.com
The Mathematical Algorithms of Asymmetric Cryptography and an Introduction to Public Key Infrastructure (2017-02-03) resources.infosecinstitute.com
Encryption Reaches Huge Milestone Majority of Traffic Uses HTTPS (2017-02-03) continuum.cisco.com
TLS 13 explained by the Cloudflare Crypto Team at 33c3 (2017-02-01) blog.cloudflare.com
A Review of Asymmetric Cryptography (2017-01-31) resources.infosecinstitute.com
Half the Web Is Now Encrypted That Makes Everyone Safer (2017-01-30) www.wired.com
New US Executive Branch Websites to Force HTTPS (2017-01-20) www.pcmag.com
Handling HTTPS Requests With AkkaHTTPS Server (2017-01-20) dzone.com
New US Executive Branch Websites to Force HTTPS (2017-01-19) www.pcmag.com
All new executive branch gov domains will ditch HTTP enforce HTTPS (2017-01-19) techcrunch.com
An Examination of the Caesar Methodology Ciphers Vectors and Block Chaining (2017-01-18) resources.infosecinstitute.com
Advances In SSL 5 Strategies For Secure HighPerformance Load Balancers (2017-01-17) www.darkreading.com
Google Introduces Cloudbased Encryption Key Management Service (2017-01-16) www.infoq.com
A Brief Summary of Encryption Method Used in Widespread Ransomware (2017-01-13) resources.infosecinstitute.com
GitHub googlekeytransparency A transparent and secure way to look up public keys (2017-01-12) github.com
Apple partners with Tresorit to offer endtoend encryption for CareKit (2017-01-11) www.zdnet.com
Buggy Domain Validation Forces GoDaddy to Revoke Certs (2017-01-11) threatpost.com
Managing encryption keys in the cloud introducing Google Cloud Key Management Service (2017-01-11) cloudplatform.googleblog.com
Cloud Key Management Service (2017-01-11) cloud.google.com
Automating SSL encryption for your servers with LetsEncrypt and Ansible (2017-01-02) www.codeproject.com
The State of Crypto Law 2016 in Review (2017-01-02) www.eff.org
Giving Up on PGP (2016-12-16) www.schneier.com
The Weak Case Against Strong Encryption (2016-12-15) dzone.com
EFF to Tech Leaders Stand With Users and Tell Trump We Need Strong Encryption Internet Freedom (2016-12-13) www.eff.org
Facebook helps companies detect rogue SSL certificates for domains (2016-12-13) www.pcworld.com
AirMap DigiCert to issue digital certificates for drones (2016-12-13) www.pcworld.com
Surveillance encryption concerns in the wake of Donald Trumps victory (2016-11-10) www.siliconbeat.com
OpenSSL Releases Security Update (2016-11-10) www.us-cert.gov
Security Encryption Hashing and PHP (2016-11-07) www.phproundtable.com
Heres to more HTTPS on the web (2016-11-06) developers.googleblog.com
Introducing Internationalized Domain Name IDN Support (2016-10-21) letsencrypt.org
Report Slams Snapchat Skype Over Encryption (2016-10-21) www.pcmag.com
Always Encrypted feature in SQL Server 2016 (2016-10-19) www.codeproject.com
Even Clintons Aides Think Shes Wrong About Encryption (2016-10-15) motherboard.vice.com
Encryption A Backdoor For One Is A Backdoor For All (2016-10-14) www.darkreading.com
TLS noncense (2016-10-12) blog.cloudflare.com
Encrypted communications could have an undetectable backdoor (2016-10-11) www.pcworld.com
Crypto Wars Why the Fight to Encrypt Rages On (2016-10-10) www.pcmag.com
Is Lets Encrypt the Largest Certificate Authority on the Web (2016-10-10) www.eff.org
FBI Apple eye new fight over encryption (2016-10-10) thehill.com
Thanks To Encryption Governments Need Companies Like Yahoo To Spy on Users (2016-10-07) motherboard.vice.com
Updated Puppet GPG signing key (2016-10-06) puppet.com
Encrypted Secret Conversations Roll Out on Facebook Messenger (2016-10-06) www.pcmag.com
Facebook Messenger now lets you toggle endtoend encryption (2016-10-04) www.engadget.com
New Documents Reveal Government Effort to Impose Secrecy on Encryption Company (2016-10-04) www.aclu.org
After Mozilla inquiry Apple untrusts Chinese certificate authority (2016-10-04) www.pcworld.com
How Did the Feds Get Past Yahoos Encryption Yahoo (2016-10-04) www.wired.com
How to encrypt your Facebook Messages (2016-10-04) techcrunch.com
Facebook Messenger now lets everyone encrypt their conversations but theres a catch (2016-10-04) thenextweb.com
Tweet RT jeffbarr Amazon S3Encrypt Encrypt ampamp Decrypt files in S3 with KMS Keys httpstcogvLD9voI3l AWS httpstcoQvFaNzZFtc (2016-10-03) twitter.com
Israeli Firm Claims It Can Break WhatsApps Encryption from Backpack (2016-10-03) www.itsecurityguru.org
Stanford Researchers Seek Court Documents Ordering Companies to Help Government Defeat Encryption (2016-09-29) cyberlaw.stanford.edu
Introducing Dedicated SSL Certificates (2016-09-29) blog.cloudflare.com
Cryptpad a freeopen endtoend encrypted zeroknowledge shared text editor (2016-09-26) boingboing.net
The Cryptographic Key That Secures the Web Is Being Changed for the First Time (2016-09-24) motherboard.vice.com
How we brought HTTPS Everywhere to the cloud part 1 (2016-09-24) blog.cloudflare.com
An overview of TLS 13 and QA (2016-09-23) blog.cloudflare.com
Fixing the mixed content problem with Automatic HTTPS Rewrites (2016-09-22) blog.cloudflare.com
Cloudflare looks to TLS 13 to secure internet (2016-09-21) www.scmagazineuk.com
Introducing TLS 13 (2016-09-21) blog.cloudflare.com
Is TLS Fast Yet (2016-09-21) istlsfastyet.com
Opportunistic Encryption Bringing HTTP2 to the unencrypted web (2016-09-21) blog.cloudflare.com
Opportunistic Encryption Bringing HTTP2 to the unencrypted web (2016-09-21) blog.cloudflare.com
Additional AtRest and InTransit Encryption Options for Amazon EMR (2016-09-21) aws.amazon.com
Encryption Week (2016-09-20) blog.cloudflare.com
Tweet Introducing TLS 13 CloudFlare is turbocharging the encrypted internet httpstcoGpsWYkoIci httpstcoe6CEX3a0EJ (2016-09-20) twitter.com
Tweet Encryption Week TLS 13 Automatic HTTPS Rewrites and Opportunistic Encryption httpstcowaZB9CuuyM httpstcocEssBCBFpz (2016-09-20) twitter.com
Cloudflare Launches a ThreePronged Attack to Encrypt the Entire Web (2016-09-20) www.wired.com
Policy Law and Technology in the Current Crypto Wars (2016-09-14) cyberlaw.stanford.edu
Senators want to revive dead antiencryption bill leak shows (2016-09-13) www.itsecurityguru.org
Configure AWS Elastic Beanstalk Application to Use SSL (2016-09-12) dzone.com
Lets Encrypt Those CNAMES Shall We (2016-09-07) www.digitalgov.gov
More Than 40 Of Attacks Abuse SSL Encryption (2016-08-31) www.darkreading.com
Establish a Secure SSL Connection to PostgreSQL DB Server (2016-08-31) dzone.com
Collision Attacks Against 64Bit Block Ciphers (2016-08-26) www.schneier.com
Europe Begins Its Own Encryption TugofWar (2016-08-26) continuum.cisco.com
French German ministers demand new encryption backdoor law (2016-08-25) www.itsecurityguru.org
Taking stock of the new FrenchGerman encryption proposal (2016-08-24) www.politico.com
The Best Encryption Software of 2016 (2016-08-23) www.pcmag.com
BringYourOwnEncryption on AWS (2016-08-17) dzone.com
SignalFire New Firmware Adds AES128 Encryption to its Wireless Remote Monitoring Product Line (2016-08-16) www.remotemagazine.com
Encryption and the Golden Key (2016-08-11) www.lawfareblog.com
France says fight against messaging encryption needs worldwide initiative (2016-08-11) www.reuters.com
How the Government Is Waging Crypto War 20 (2016-08-10) motherboard.vice.com
New JustinTime Certificate Registration for AWS IoT (2016-08-03) aws.amazon.com
Intel Crosswalk bug invalidates SSL protection (2016-08-01) www.itsecurityguru.org
How Google protects your data CustomerSupplied Encryption Keys for Compute Engine goes GA (2016-08-01) cloudplatform.googleblog.com
Bringing HSTS to wwwgooglecom (2016-07-30) security.googleblog.com
Tweet You can now disable SSL validation in the settings menu httpstcow8xcpJFJXy (2016-07-28) twitter.com
Full Support for IPv6 (2016-07-26) letsencrypt.org
Beyond the Crypto Wars Access Now releases outcomes report from Crypto Summit 20 (2016-07-19) www.accessnow.org
(2016-07-19) dzone.com
Turkish coup used unbreakable encryption (2016-07-19) thehill.com
Week ahead Encryption fight poised to heat up (2016-07-18) thehill.com
Connecting to Twitter API using TLS Twitter Developers (2016-07-16) dev.twitter.com
Enable ClientSide SSL Authentication of an API with the API Gateway Console (2016-07-16) docs.aws.amazon.com
UK surveillance bill includes powers to limit endtoend encryption (2016-07-15) techcrunch.com
Encrypted comms company Silent Circle closes 50M Series C (2016-07-15) techcrunch.com
(2016-07-14) www.nginx.com
Security SSL has a Performance Tax (2016-07-11) blog.catchpoint.com
Why is State Department silent in the global encryption debate (2016-07-11) fedscoop.com
Facebook is testing endtoend encryption for Messenger (2016-07-08) www.theverge.com
Experimenting with PostQuantum Cryptography (2016-07-07) security.googleblog.com
How to Prevent Uploads of Unencrypted Objects to Amazon S3 (2016-07-06) blogs.aws.amazon.com
Secure GitLab Pages with StartSSL (2016-06-24) about.gitlab.com
PokitDok Security Update SSL Protocol Upgrade Notice (2016-06-23) blog.pokitdok.com
Configuring Custom Domains and SSL (2016-06-17) support.brightcove.com
Why Switching to HTTPS Will Make Your Analytics Better (2016-06-06) www.digitalgov.gov
Googles Encryption Choices With Allo (2016-05-23) www.buzzfeed.com
How to Use the REST API to Encrypt S3 Objects by Using AWS KMS (2016-05-23) blogs.aws.amazon.com
Announcing Heroku Free SSL Beta and Flexible Dyno Hours (2016-05-18) blog.heroku.com
Googles Allo runs on the same encryption tech that powers WhatsApp (2016-05-18) www.theverge.com
Setting up HTTPS for your REST API With Boxfuse (2016-05-15) dzone.com
NIST Plans to Fend off Quantum Computers That Will Attack Encryption (2016-05-12) dzone.com
How we built Origin CA Web Crypto (2016-05-10) blog.cloudflare.com
Police and Tech Giants Wrangle Over Encryption on Capitol Hill (2016-05-08) www.nytimes.com
HTTPS is Hard (2016-05-05) blog.pusher.com
Bringing HTTPS to all blogspot domain blogs (2016-05-03) security.googleblog.com
Adding HTTPS to Your Website (2016-05-02) dzone.com
Using HTTPS to Secure Your Websites An Intro to Web Security (2016-04-29) dzone.com
Using HTTPS to Secure Your Websites An Intro to Web Security (2016-04-26) auth0.com
The Encryption Farce (2016-04-25) www.wsj.com
BlackBerrys Global Encryption Key (2016-04-25) www.schneier.com
Install Lets Encrypt SSL Certificate and Force It to Use HTTPS (2016-04-21) dzone.com
Read the tech industrys open letter about unworkable encryption bill (2016-04-20) www.theverge.com
Canadian police reportedly got hold of BlackBerrys encryption key (2016-04-14) www.businessinsider.com
Covering Your Assets Data Encryption in API Management (2016-04-13) www.apiman.io
Upgrading to SHA2 and TLS 12 (2016-04-13) stripe.com
Binding SSL certificates to Warewolf Server for HTTPS communication (2016-04-13) warewolf.io
WordPresscom turns on HTTPS encryption for all websites (2016-04-08) techcrunch.com
New bill would require companies to decrypt data on demand (2016-04-08) www.theverge.com
White House declines support for encrypted data access bill (2016-04-07) disruptiveviews.com
WhatsApp bolsters encryption now endtoend (2016-04-06) disruptiveviews.com
WhatsApp ReIgnites the Encryption Debate With Its Software Update (2016-04-06) www.huffingtonpost.com
WhatsApp is Now EndtoEnd Encrypted (2016-04-05) www.schneier.com
WhatsApp now supports endtoend encryption for all your picture voice and text messages (2016-04-05) thenextweb.com
WhatsApp endtoend encryption Cross platform endtoend encryption for 11 group chat (2016-04-05) blog.whatsapp.com
SSL Server Test Powered by Qualys SSL Labs (2016-03-31) www.ssllabs.com
ENISA speaks out against backdoors into encryption (2016-03-30) disruptiveviews.com
FBI vs Apple A Postmortem (2016-03-30) hackaday.com
ACLU Map Documents the 63 Known Cases in Which Government Has Tried to Use All Writs Act to Overcome Encryption (2016-03-30) www.aclu.org
The Year 40bit Encryption Was Cracked (2016-03-28) dyn.com
More Encryption More Notifications More Email Security (2016-03-24) security.googleblog.com
Cryptography Is Harder Than It Looks (2016-03-24) www.schneier.com
1981 US Document on Encryption Policy (2016-03-23) www.schneier.com
The FBI is reportedly working with an Israeli forensics firm to crack the San Bernardino iPhone (2016-03-23) thenextweb.com
FBI enlists Israeli firm to unlock encrypted iPhone (2016-03-23) venturebeat.com
Apple and FBI Court Appearance Postponed (2016-03-22) www.infoq.com
Third party iPhone hacking option stalls AppleFBI showdown (2016-03-22) disruptiveviews.com
How to Use the New AWS Encryption SDK to Simplify Data Encryption and Improve Application Availability (2016-03-22) blogs.aws.amazon.com
Securing MongoDB Part 3 Database Auditing and Encryption (2016-03-20) dzone.com
How DiffieHellman Public Key Cryptography Works (2016-03-15) www.youtube.com
Googles HTTPS encryption efforts now on display in Transparency Report (2016-03-15) zdnet.com.feedsportal.com
After Apple the Justice Department is targeting WhatsApp over encryption (2016-03-13) thenextweb.com
WhatsApp Encryption Said to Stymie Wiretap Order (2016-03-12) www.nytimes.com
Privacy Security and Encryption (2016-03-10) www.graphite.org
Run OpenShift console on port 443 (2016-03-09) blog.openshift.com
AtRest Encryption in MongoDB 32 Features and Performance (2016-03-09) dzone.com
Its 2016 and were still not using HTTPS properly (2016-03-07) venturebeat.com
Introduction to Public Key Encryption for Managers (2016-03-06) dzone.com
US Secretary of Defense on Apple encryption Im not a believer in backdoors (2016-03-02) venturebeat.com
Major SSL Vulnerability Affects OpenSSL and HTTPS server traffic (2016-03-02) www.infoq.com
Judge backs Apple in encryption fight with government (2016-03-01) disruptiveviews.com
UKs spying rules would force tech companies to break encryption and youll pay for it (2016-03-01) thenextweb.com
Will This Bill End the War Between the Government and the Tech Community Over Encryption (2016-02-29) www.motherjones.com
The Importance of Strong Encryption to Security (2016-02-25) www.schneier.com
Apple to Tighten iCloud Backup Encryption (2016-02-25) www.ft.com
Apple reportedly wants Congress to decide on iPhone encryption case (2016-02-24) www.theverge.com
Privacy Encryption and the Fourth Amendment (2016-02-23) www.huffingtonpost.com
Decrypting an iPhone for the FBI (2016-02-22) www.schneier.com
Decentralized Public Key Infrastructure (2016-02-22) www.windley.com
Free SSLTLS Certificates With Lets Encrypt and Nginx (2016-02-21) dzone.com
The Debate at the Heart of the Digital Age (2016-02-21) www.box.com
Apple Sees Value in Privacy Vow (2016-02-20) www.nytimes.com
The FBI v Apple isnt at all the way you think it is (2016-02-19) www.cringely.com
Americans feel the tensions between privacy and security concerns (2016-02-19) www.pewresearch.org
EFF to Support Apple in Encryption Battle (2016-02-18) www.eff.org
Reform Government Surveillance Statement Regarding Encryption and Security (2016-02-18) reformgs.tumblr.com
Facebook and Twitter join Apples side in encryption battle (2016-02-18) www.theverge.com
How Tim Cook Became a Bulwark for Digital Privacy (2016-02-18) www.nytimes.com
On Apple and Encryption The FBI Security and iPhones (2016-02-18) dzone.com
Customer Letter Apple (2016-02-17) www.apple.com
Judge Orders Apple to Help FBI Crack San Bernardino iPhone (2016-02-17) www.motherjones.com
A Court Ordered Apple to Hack the San Bernardino Shooters Phone Read Tim Cooks Defiant Response (2016-02-17) www.motherjones.com
Apple vs the FBI all the news on the battle for encryptions future (2016-02-17) www.theverge.com
WhatsApp founder defends Apple in FBI encryption fight (2016-02-17) www.theverge.com
The FBI is striking at the heart of Apples security system (2016-02-17) www.theverge.com
Using Free SSLTLS Certificates from Lets Encrypt for NGINX (2016-02-17) www.nginx.com
Explaining Apples Fight With the FBI (2016-02-17) www.nytimes.com
End To End Encryption (2016-02-17) avc.com
Judge Orders Apple To Break Into Phone Of San Bernardino Shooter (2016-02-16) www.huffingtonpost.com
Lawmakers seek to bar US states from mandating encryption weaknesses (2016-02-11) disruptiveviews.com
RapidSSL is here (2016-02-11) opensrs.com
Worldwide Encryption Products Survey (2016-02-11) www.schneier.com
New bill looks to save smartphone encryption from state bans (2016-02-10) www.theverge.com
Box launches KeySafe service for secure storage of encryption keys (2016-02-04) venturebeat.com
Introducing Box KeySafe (2016-02-04) www.box.com
All Shopify Stores Now Use SSL Encryption Everywhere (2016-02-02) www.shopify.com
Encryption does not allow criminals and terrorists to go dark Harvard study finds (2016-02-01) www.dailydot.com
Encryption does not allow criminals and terrorists to go dark Harvard study finds (2016-02-01) www.dailydot.com
Facebook Shuts Down Parse Shocking Developers (2016-01-28) www.programmableweb.com
Chairman of Uber Military Tech companies should cooperate with intelligence agencies on encrypted data (2016-01-28) pando.com
UK Government Promoting BackdoorEnabled Voice Encryption Protocol (2016-01-22) www.schneier.com
District attorney offices are bringing the encryption war directly to the states (2016-01-22) www.theverge.com
AWS launches tool that provides SSL and TLS certificates for free (2016-01-21) venturebeat.com
Does the NSAs proencryption stance mean its already broken common protocols (2016-01-21) thenextweb.com
New AWS Certificate Manager Deploy SSLTLSBased Apps on AWS (2016-01-21) aws.amazon.com
ATTs CEO says Tim Cook shouldnt have any say in encryption debate (2016-01-21) www.theverge.com
Now Available AWS Certificate Manager (2016-01-21) blogs.aws.amazon.com
BitTorrent Sync adds folder encryption and other features for power users (2016-01-21) thenextweb.com
France Rejects Back Doors in Encryption Products (2016-01-20) www.schneier.com
Why Apple Defends Encryption (2016-01-20) tidbits.com
Tell the New York legislature how you really feel about this smartphone encryption bill (2016-01-19) www.theverge.com
Tim Cook Lashes Out at White House Officials for Being WishyWashy on Encryption (2016-01-15) theintercept.com
Amazon EBS Encryption Amazon Elastic Compute Cloud (2016-01-14) docs.aws.amazon.com
CloudFront Update HTTPS TLS v11v12 to the Origin AddModify Headers (2016-01-13) aws.amazon.com
Apple Facebook Google Microsoft and Twitter urge UK to guarantee encryption in law (2016-01-07) thenextweb.com
Securing APIs Using SecureDB Encrypted Identity Manager (2016-01-06) securedb.co
Visibility and control over SSL traffic in an era of HTTP20 (2015-12-23) f5.com
Apple Pushes Against British Talk of Softening Encryption (2015-12-21) rss.nytimes.com
Google will drop SHA1 encryption from Chrome by January 1 2017 (2015-12-18) venturebeat.com
EFF Access Now and the White House Sat Down to Talk About Encryption The Details (2015-12-17) www.eff.org
FBI Director James Comey Calls on Tech Companies Offering EndtoEnd Encryption to Reconsider Their Business Model (2015-12-10) theintercept.com
Coded Messages FBI Chief Says Texas Gunman Used Encryption to Text Overseas Terrorist (2015-12-09) www.nytimes.com
How Israel Regulates Encryption (2015-12-08) www.schneier.com
New Encryption at Rest for Amazon Aurora (2015-12-07) aws.amazon.com
Dell does a Superfish ships PCs with easily cloneable root certificates Ars Technica (2015-11-23) arstechnica.com
How to Protect the Integrity of Your Encrypted Data by Using AWS Key Management Service and EncryptionContext (2015-11-05) blogs.aws.amazon.com
(2015-10-16) apievangelist.com
How is NSA breaking so much crypto (2015-10-15) freedom-to-tinker.com
An API For Encrypted Storage Of All Your Accounts Data Files And Setting (2015-10-15) apievangelist.com
Pushbullet Has Just Tightened Its SMS Encryption (2015-08-19) www.callfire.com
Securing Your Data Stream with P2P Encryption (2015-08-11) nordicapis.com
FBI chief claims encrypted communications danger to country (2015-07-09) disruptiveviews.com
The Risks of Mandating Backdoors in Encryption Products (2015-07-09) www.schneier.com
Code Specialists Oppose US and British Government Access to Encrypted Communication (2015-07-07) www.nytimes.com
Guest View US encryption export controls and misconceptions (2015-07-01) sdtimes.com
History of the First Crypto War (2015-06-22) www.schneier.com
Hieropt Encryption Library for NET WinForms Web NET (2015-06-18) codecanyon.net
Preventing hack using encryption not feasible says US government official (2015-06-17) thenextweb.com
Reddit is moving to total encryption (2015-06-17) www.theverge.com
SQL Server 2016 Always Encrypted (2015-06-16) www.infoq.com
Microsoft will soon use HTTPS to encrypt Bing search traffic by default (2015-06-15) venturebeat.com
Bing will soon encrypt your search queries by default (2015-06-15) thenextweb.com
Securing access to Wikimedia sites with HTTPS by default (2015-06-12) blog.wikimedia.org
Obamas received yet another open letter calling for him to defend encryption (2015-06-10) pando.com
The encryption debate in the balance (2015-06-09) disruptiveviews.com
US Tech Industry Warns Obama To Leave Encryption Alone (2015-06-09) www.huffingtonpost.com
Register for and Attend This June 16 WebinarDeep Dive Protecting Your Data with AWS Encryption (2015-06-09) blogs.aws.amazon.com
How to implement SSLTLS in Varnish Plus (2015-06-09) www.varnish-software.com
The US government is moving to HTTPS everywhere (2015-06-07) 18f.gsa.gov
Encrypt like a boss with the Email SelfDefense Guide Boing Boing (2015-06-06) boingboing.net
FBI says crypto technology promoted by Apple and WhatsApp is helping terrorists (2015-06-04) venturebeat.com
Facebook now lets you put a PGP key on your profile and uses it to encrypt notifications (2015-06-01) thenextweb.com
Facebook supports encrypted emails to defend user privacy (2015-06-01) pando.com
Facebook says users can add OpenPGP public keys to profiles enable encrypted email notifications (2015-06-01) venturebeat.com
UN Report on the Value of Encryption to Freedom WorldWide (2015-05-29) www.schneier.com
UN Government efforts to undermine encryption threaten basic human rights (2015-05-29) pando.com
Understanding HTTPS Protocol (2015-05-27) www.codeproject.com
Sunlight analysis reveals only 15 percent of congressional websites are HTTPS ready (2015-05-26) sunlightfoundation.com
Philip Zimmermann king of encryption reveals his fears for privacy (2015-05-25) www.theguardian.com
Philip Zimmermann king of encryption reveals his fears for privacy Technology The Guardian (2015-05-25) www.theguardian.com
Encryption Keys A Brief and Exciting History (2015-05-22) www.box.com
Stronger crypto better security (2015-05-11) blog.fluxiom.com
The FBI Keeps Demanding Impossible Solutions to Its Encryption Problem (2015-04-21) motherboard.vice.com
BitTorrents encrypted chat app Bleep gets photos (2015-04-03) venturebeat.com
Amazon EMR Now Supports Amazon S3 ClientSide Encryption (2015-03-25) aws.amazon.com
Yahoo shows off passwordfree logins and new encrypted email technology (2015-03-15) www.theverge.com
HDMI Splitter is also a Decrypter (2015-03-12) hackaday.com
Germany pushes for widespread endtoend email encryption (2015-03-09) gigaom.com
Outdated Encryption Keys Leave Phones Vulnerable to Hackers (2015-03-04) rss.nytimes.com
Protecting data on AWS cloud using powerful encryption techniques (2015-02-27) www.concur.com
Lets Declare GPG a Dead End for Encrypted Email (2015-02-26) moxie.org
Defending encryption doesnt mean opposing targeted surveillance (2015-01-23) gigaom.com

If you think there is a link I should have listed here feel free to tweet it at me, or submit as a Github issue. Even though I do this full time, I'm still a one person show, and I miss quite a bit, and depend on my network to help me know what is going on.

API Encryption Organizations

These are the organizations I come across in my research who are doing interesting things in the API space. They could be companies, institutions, government agencies, or any other type of organizational entity. My goal is to aggregate so I can stay in tune with what they are up to and how it impacts the API space.

Arxan Technologies

Arxan Technologies is an American technology company specializing in anti-tamper protections for software. The company reports that applications secured by it are running on over 500 million devices.


DigiCert is a U.S.-based Certificate Authority located in Lehi, Utah, and has provided SSL Certificates and SSL management tools for over a decade. While other CAs offer a variety of products unrelated to encryption, DigiCert is solely focused on SSL innovation, which is paired with unmatched customer service.

Lets Encrypt

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG).


CloudFlare, Inc. is a U.S. company that provides a content delivery network and distributed domain name server services, sitting between the visitor and the CloudFlare user's hosting provider, acting as a reverse proxy for websites. Its network protects, speeds up, and improves availability for a website or mobile application with a change in DNS. 

Certificate Transparency

Google's Certificate Transparency project fixes several structural flaws in the SSL certificate system, which is the main cryptographic system that underlies all HTTPS connections. These flaws weaken the reliability and effectiveness of encrypted Internet connections and can compromise critical TLS/SSL mechanisms, including domain validation, end-to-end encryption, and the chains of trust set up by certificate authorities. If left unchecked, these flaws can facilitate a wide range of security attacks, such as website spoofing, server impersonation, and man-in-the-middle attacks.

AWS Certificate Manager

AWS Certificate Manager is a service that lets you easily provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services. SSL/TLS certificates are used to secure network communications and establish the identity of websites over the Internet. AWS Certificate Manager removes the time-consuming manual process of purchasing, uploading, and renewing SSL/TLS certificates. With AWS Certificate Manager, you can quickly request a certificate, deploy it on AWS resources such as Elastic Load Balancers or Amazon CloudFront distributions, and let AWS Certificate Manager handle certificate renewals. SSL/TLS certificates provisioned through AWS Certificate Manager are free. You pay only for the AWS resources you create to run your application.

AWS Key Management Service

AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the security of your keys. AWS Key Management Service is integrated with several other AWS services to help you protect the data you store with these services. AWS Key Management Service is also integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs.


The AWS CloudHSM service helps you meet corporate, contractual and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) appliances within the AWS cloud. With CloudHSM, you control the encryption keys and cryptographic operations performed by the HSM. AWS and AWS Marketplace partners offer a variety of solutions for protecting sensitive data within the AWS platform, but for applications and data subject to rigorous contractual or regulatory requirements for managing cryptographic keys, additional protection is sometimes necessary. Until now, your only option was to store the sensitive data (or the encryption keys protecting the sensitive data) in your on-premises datacenters. Unfortunately, this either prevented you from migrating these applications to the cloud or significantly slowed their performance. The AWS CloudHSM service allows you to protect your encryption keys within HSMs designed and validated to government standards for secure key management. You can securely generate, store, and manage the cryptographic keys used for data encryption such that they are accessible only by you. AWS CloudHSM helps you comply with strict key management requirements without sacrificing application performance. The AWS CloudHSM service works with Amazon Virtual Private Cloud (VPC). CloudHSM instances are provisioned inside your VPC with an IP address that you specify, providing simple and private network connectivity to your Amazon Elastic Compute Cloud (EC2) instances. Placing CloudHSM instances near your EC2 instances decreases network latency, which can improve application performance. AWS provides dedicated and exclusive (single tenant) access to CloudHSM instances, isolated from other AWS customers. Available in multiple Regions and Availability Zones (AZs), AWS CloudHSM allows you to add secure and durable key storage to your applications.

If you think there is an organization I should have listed here feel free to tweet it at me, or submit as a Github issue. Even though I do this full time, I'm still a one person show, and I miss quite a bit, and depend on my network to help me know what is going on.

API Encryption Tooling

As I study each API, and API related service, I'm always looking for open source tooling that has been developed around each area of the API life cycle. This is an aggregate of tooling I've come across and aggregated as part of my API testing research.


Google Certificate Transparency

Google's Certificate Transparency project fixes several structural flaws in the SSL certificate system, which is the main cryptographic system that underlies all HTTPS connections. These flaws weaken the reliability and effectiveness of encrypted Internet connections and can compromise critical TLS/SSL mechanisms, including domain validation, end-to-end encryption, and the chains of trust set up by certificate authorities. If left unchecked, these flaws can facilitate a wide range of security attacks, such as website spoofing, server impersonation, and man-in-the-middle attacks.


The official Github mirror of the HTTPS Everywhere repository at https://gitweb.torproject.org/https

If there is a tool that you think should be listed here, let me know by submitting a Github issue or Tweeting a link at me. I'm always looking for new types of tools, and get better at organizing them here and making sense.