
Alex Leung

Alex Leung is a Senior Enterprise Architect at Akamai Technologies. With over nine years at Akamai, Alex has been instrumental in advancing the capabilities of streaming high-quality media content through Akamai.



Authentication Isn’t Everything

Dec 10, 2024
by Alex Leung
Alex Leung explains why fortifying one's login API and loosening other parts of one's security posture can lead to cybersecurity issues.
Security

Pad Credit Card Information to Protect Your Customers’ Wallets

Dec 5, 2024
by Alex Leung
We take a look at a recently assessed API to see how it avoided the problem that helped the Allies beat the Axis powers in World War II.
Security

In the Dark about Shadow APIs?

Oct 31, 2024
by Alex Leung
Shadow APIs aren’t typically a risk you would think about when developing APIs. See real-world examples to understand the threats they pose.
Security

Scrub EXIF Image Data in Your DevOps Pipeline

Oct 24, 2024
by Alex Leung
When you take a photo with a digital camera or smartphone, you’re capturing more than just a beautiful image. Within that image file, you also have something called EXIF data (EXIF stands for “Exchangeable Image File Format”). This data includes camera settings, the timestamp of the photo, and GPS location information. Sometimes it’s best to […]
Compute

Loose Lips Can Sink Websites Too

Oct 21, 2024
by Alex Leung
This blog dives into how exposed version numbers in your tech stack can lead to serious vulnerabilities, and what you can do to tighten security.
Security

Pay Attention to Your Non-Production Subdomains

Oct 17, 2024
by Alex Leung
Security teams often focus on an organization's main production domain. Learn why paying attention to your non-production subdomains matters.
Security

Pointless May Not Be Harmless: The Story of a Login Page with a Blank Security Question

Sep 17, 2024
by Alex Leung
Discover how attackers exploit security vulnerabilities in login pages and learn how to protect your web applications with best practices.
Security

Security in Your DevOps Pipeline

Sep 10, 2024
by Alex Leung
Not disabling introspection before going live can pose a major security risk. We offer steps to improve security in your DevOps pipeline.
Security

The Dangers of the Never-Expiring JWT: Hidden Security Vulnerabilities

Sep 3, 2024
by Alex Leung
In this blog post, we focus on non-expiring JWTs. We look at how this issue arises along with the associated security vulnerabilities.
Compute

Defend Your GraphQL Server Against Excessive Resource Consumption

Aug 20, 2024
by Alex Leung
We'll explore how GraphQL’s flexibility can be turned against you, focusing on a vulnerability highlighted by the OWASP API Security Top 10.
Compute

Defending Against a Login API Brute Force Attack

Aug 13, 2024
by Alex Leung
Learn the importance of implementing the 'maximum failed login attempt' safeguard to protect your user accounts.
Compute