We're Hiring!

Skip Hovsmith

- Senior Consultant at Approov
Developer and Evangelist - Software Performance and API Security - Linux and Android Client and Microservice Platforms

Approov Blog

What You Need to Know About Broken Object Level Authorization (BOLA)

March 28, 2023

Broken Object Level Authorization (BOLA) is the #1 vulnerability in the OWASP API Security Project’s API Security Top Ten in 2019. Using BOLA, an attacker exploits a vulnerable API endpoint by manipulating an arbitrary object identifier to exfiltrate or manipulate data they are not authorized to access. Authorization schemes can be complex, and it is easy for an API developer to miss an authorization check when the application state is passed between client and service. Read Full Story

React Native Automated Quickstart

April 12, 2021

The new React Native Approov Quickstart provides automated integration of Approov API threat protection for most React Native apps. Read Full Story

Securing APIs in React Native

May 14, 2020

ShipFast and ShipRaider made a fresh appearance at the RSA Conference in late February 2020 in San Francisco. This time the focus was on API security for React Native Apps: Read Full Story

Getting Authentication Correct

January 22, 2020

For zero trust mobile apps and APIs, credentials aren’t nearly enough. Read Full Story

Improve the Security of API Keys

July 24, 2019

Securely identify your API Caller Read Full Story

Preventing Mobile App and API Abuse

March 21, 2019

This post includes a video of SKip Hovsmith's talk on preventing mobile app and API abuse at the 2019 AppSec California Conference. Read Full Story

How to Pin Mobile gRPC Channels

March 4, 2019

Last-mile Security for gRPC-connected mobile APIs Read Full Story

Consider gRPC for Mobile APIs

February 5, 2019

EVALUATING GRPC REQUEST-RESPONSE, AUTHENTICATION, AND STREAMING gRPC is an open source remote procedure call (RPC) framework that runs across many different client and server platforms. It commonly uses protocol buffers (protobufs) to efficiently serialize structured data for communication, and it is used extensively in distributed and microservice-based systems. Read Full Story

Strengthen TLS in React Native Through Certificate Pinning - iOS

November 30, 2018

Enhance React Native’s networking API protection on Android and iOS without touching your Javascript code or manually editing the native code projects. The first edition of this article implemented TLS certificate pinning for React Native apps on Android. Since then, the react-native-cert-pinner package has been enhanced to support pinning on iOS devices, and this edition of the post walks through the previous example for iOS. Read Full Story

Strengthen TLS in React Native Through Certificate Pinning

August 14, 2018

Beginning in July 2018 with the 68 release, Chrome began marking all sites not running HTTPS (TLS over HTTP) as “not secure”. TLS uses site certificates to establish a chain of trust and encrypt communication at the transport layer. Read Full Story