The Race to Secure Connected Cars

Wed 26 February 2020 By David Stewart

Category: Business, API Security, Mobility, A Series - Mobility Trends

This is the final article in our 3-part review of trends in the Mobility market. In case you missed them, the first part can be found here and the second part can be found here.

In 2015, “white hat” hackers remotely attacked a Jeep Cherokee and left it paralyzed on the side of a highway. They returned in 2016 with an in-vehicle hack to prove that things could get much worse. In 2017, researchers from an IT security company analyzed some of the most popular mobile apps from car manufacturers to find that every app was vulnerable to attacks in some shape or form. In 2018, the number of Black Hat attacks overtook White Hat incidents for the first time in the history of Smart Mobility.


Traditional OEMs in a Mobility-as-a-Service World

Tue 25 February 2020 By David Stewart

Category: Business, Mobility, A Series - Mobility Trends

This is the second article in our 3-part review of trends in the Mobility market. If you missed the first part, you can find it here.

Electric vehicles (EVs), with a mere 1.7% market share in 2019, are still at least a few years away from going mass market. This segment is expected to hit mass market adoption by 2025 and then build up to a share of about half of all new car sales by 2040.


The Rise of On-Demand Mobility

Mon 24 February 2020 By David Stewart

Category: Business, Mobility, A Series - Mobility Trends

This is the first article in a 3-part review of trends in the Mobility market. The complete series can be found here.

The Mobility market has become a key sector for Approov deployment over the last few years. Therefore we thought it would be interesting to take a look at this market in detail, to understand its underlying forces and trends. This is the first of a series of 3 blog articles on the topic.

Last year, the global car market posted its sharpest decline in sales – by 3 million according to one study, 4 million according to another – since the financial crisis of the last decade. The worse news is that neither study predicts a quick return to normal growth any time soon. In fact, 2022 is the earliest estimate for a global recovery.


Using a Reverse Proxy to Protect Third Party APIs

Wed 12 February 2020 By Paulo Renato

Category: API Keys, Third Party APIs, API, API Abuse, API Security, Reverse Proxy

In this article you will start by learning what Third Party APIs are, and why you shouldn’t access them directly from within your mobile app. Next you will learn what a Reverse Proxy is, followed by when and why you should use it to protect the access to the Third Party APIs used in your mobile app.


Getting Authentication Correct

Wed 22 January 2020 By Skip Hovsmith

Category: API Keys, Mobile App Authentication, API Abuse, API Security

For zero trust mobile apps and APIs, credentials aren’t nearly enough.


Addressing Vulnerabilities and Abuse for Comprehensive API Security

Fri 17 January 2020 By David Stewart

Category: Business, API, API Abuse, API Security

 

As APIs become a critical part of almost every business, the need to build a robust API security strategy grows infinitely. API calls account for 83% of web traffic, according to the Akamai 2019 [state of the internet] / security: Retail Attacks and API Traffic report. The largest API directory now lists nearly 22,000 public APIs, up from 12,000 in 2015. A majority of companies now consider APIs to be critical to business strategy and imperative for developing partner ecosystems, enhancing customer value and creating new revenue opportunities. Cloud Elements, in its third annual State of API Integration report, recently found that businesses planned to deploy an average of 18 new APIs in 2019, compared to just 11.5 in 2018.


Securing Your API server with Approov and Cloudflare

Tue 19 November 2019 By Paulo Renato

Category: Integration, Mobile App Authentication, API

Cloudflare is famous among developers as a leading CDN to efficiently deliver customer facing Internet content for their applications, but Cloudflare can also be used to verify all incoming requests before they reach your API server, by leveraging Cloudflare workers.


How to Protect Against Certificate Pinning Bypassing

Tue 15 October 2019 By Paulo Renato

Category: Mobile App Authentication, Repackaged Apps, Reverse Engineering, Threats, API, MitM Attack, Certificate Pinning

In my previous article, we saw how to bypass certificate pinning within a device you control and, as promised, we will now see how you can protect yourself against such an attack.

In this article you will learn how to use a mobile app attestation service to protect your API server from accepting requests that come from a mobile app where certificate pinning has been bypassed. This means that even though the attacker has bypassed the certificate pinning, he will not be able to receive successful responses from the API server. Instead, the server will always return 401 responses, thus protecting your valuable data from getting into the wrong hands.


Bypassing Certificate Pinning

Sun 18 August 2019 By Paulo Renato

Category: Android, Mobile App Development, MitM Attack, Certificate Pinning

In a previous article we saw how to protect the HTTPS communication channel between a mobile app and an API server with certificate pinning, and as promised at the end of that article we will now see how to bypass certificate pinning.

To demonstrate how to bypass certificate pinning we will use the same Currency Converter Demo mobile app that was used in the previous article.

In this article you will learn how to repackage a mobile app in order to make it trust custom SSL certificates. This will allow us to bypass certificate pinning.


Improve the Security of API Keys

Wed 24 July 2019 By Skip Hovsmith

Category: API Keys, Mobile App Authentication, Reverse Engineering, API, Mobile App Development, MitM Attack

Securely identify your API Caller
