PRACTICAL API SECURITY WALKTHROUGH — PART 2

Tue 16 January 2018 By Simon Rigg

Category: Mobile App Authentication, Integration, Repackaged Apps, TLS, A Series - ShipFast

Welcome back! This is the second part of a mini series which uses a fictional product, “ShipFast”, to walk you through the process of defending against various API security exploits in a mobile...

PRACTICAL API SECURITY WALKTHROUGH — PART 1

Fri 12 January 2018 By Simon Rigg

Category: Mobile App Authentication, Integration, Repackaged Apps, TLS, A Series - ShipFast

Welcome! A quick question: Do you know what’s using your API? Really?

CHECKING APPROOV TOKENS IN ASP.NET CORE 2.0

Wed 10 January 2018 By Jae Hossell

Category: Integration

We’ve had some requests recently from customers for some examples to show how to use Approov tokens with an ASP.Net Core 2.0 back end. In this blog I’ll walk you through adding the check to a...

TOUGHEN UP SOFT CERTIFICATE PINNING WITH APPROOV

Thu 14 December 2017 By Barry O'Rourke

Category: TLS, Integration

Devops just mailed to say they will rotate the certificates on all of the endpoints today, mentioned the Engineering Manager at one of our customers, that’s unexpected, I wonder what happened.

ARE YOU HUMAN, ROBOT OR JUST IMPATIENT?

Tue 28 November 2017 By Richard Taylor

Category: Business, Integration

Recently I was doing some API analysis on a video sharing app aimed at the teenage market. As is typical in these types of apps, before you can do anything you need to sign up with an account....

UNINTENTIONAL UNPINNING WITH FIREBASE

Mon 28 August 2017 By Barry O'Rourke

Category: Threats, Mobile App Authentication, Integration

Google's Firebase provides a comprehensive set of analytics services for developers to integrate with their apps. On Android the basic functionality is enabled simply by integrating the desired...

THE PROBLEM WITH PINNING

Thu 13 July 2017 By Barry O'Rourke

Category: Mobile App Authentication, Integration, TLS

Certificate or Public Key Pinning is an extension to TLS that is highly effective for bot mitigation by protecting the HTTPS connection between your app and API from snooping by third parties ...

HELP YOUR MOBILE API ECOSYSTEM TO FLOURISH

Wed 05 July 2017 By Barry O'Rourke

Category: Mobile App Authentication, Third Party APIs, API Keys, Integration

(Image via http://maxpixel.freegreatpicture.com)

HANDS ON MOBILE API SECURITY: PINNING CLIENT CONNECTIONS

Wed 31 May 2017 By Skip Hovsmith

Category: API Keys, Integration, TLS

ADD TLS AND CERTIFICATE PINNING WHILE REMOVING CLIENT SECRETS

HANDS ON MOBILE API SECURITY - USING A PROXY TO PROTECT API KEYS

Thu 11 May 2017 By Skip Hovsmith

Category: API Keys, Integration, TLS

(UGC 12591: The Fastest Rotating Galaxy Known. Image Credit: NASA, ESA, Hubble)
