Top 5 Threats to APIs Servicing Mobile Apps

Sun 29 March 2020 By David Stewart

Category: Fake Accounts, Scrapers, Bots, Repackaged Apps, MitM Attack, API Abuse, API Security

 

As mobile apps become increasingly paramount to operating successfully in today’s markets, a big question mark over API security is raised. Gartner has previously predicted that by 2022, “API abuses will be the most-frequent attack vector resulting in data breaches for enterprise web applications.” Since every mobile app out there is powered by APIs, securing them is clearly a top priority.

Read More

Blockchain renders online votes immutable, including fake votes!

Thu 19 March 2020 By David Stewart

Category: Fake Accounts, Bots, Repackaged Apps, API, MitM Attack, API Abuse, API Security

“It's the wave of the future,” declared the US State of West Virginia's Secretary of State of following a limited deployment of a blockchain-based voting app for the state's general midterm elections. For cybersecurity and election integrity advocates, however, the move was “an example of all the things states shouldn’t do when it comes to securing their elections.”

Read More

Approov Serverless Reverse Proxy in the AWS API Gateway

Thu 27 February 2020 By Paulo Renato

Category: API Keys, Integration, Third Party APIs, API, API Security, Reverse Proxy, AWS

 

In my previous article, Using a Reverse Proxy to Protect Third Party APIs, I left you without a solution to secure the purple API key inside the mobile devices in the graphic above from being extracted by the bad guy wearing the orange hat. As promised I am going to show you in this article how you can implement a solution for it.

Rather than securing the purple API key, wouldn’t it be better not to have it in the first place or at least to make sure that if it is extracted then it can’t be used at scale by malicious actors? Well that's what a Mobile App Attestation solution is for, and we will start this article by explaining what it is. Spoiler alert: it allows you to secure your API without needing to ship any type of secret inside your mobile app or, if you already have a secret in your mobile app, it allows you to ensure that the secret can’t be used to abuse your API.

Read More

The Race to Secure Connected Cars

Wed 26 February 2020 By David Stewart

Category: Business, API Security, Mobility, A Series - Mobility Trends

This is the final article in our 3 part review of trends in the Mobility market. In case you missed them, the first part can be found here and the second part can be found here.

In 2015, “white hat” hackers remotely attacked a Jeep Cherokee and left it paralyzed on the side of a highway. They returned in 2016 with an in-vehicle hack to prove that things could get much worse. In 2017, researchers from an IT security company analyzed some of the most popular mobile apps from car manufacturers to find that every app was vulnerable to attacks in some shape or form. In 2018, the number of Black Hat attacks overtook White Hat incidents for the first time in the history of Smart Mobility.

Read More

Traditional OEMs in a Mobility-as-a-Service World

Tue 25 February 2020 By David Stewart

Category: Business, Mobility, A Series - Mobility Trends

This is the second article in our 3 part review of trends in the Mobility market. If you missed the first part,  you can find it here.

Electric vehicles (EVs), with a mere 1.7% market share in 2019, are still at least a few years away from going mass market. This segment is expected to hit mass market adoption by 2025 and then build up to a share of about half of all new car sales by 2040.

Read More

The Rise of On-Demand Mobility

Mon 24 February 2020 By David Stewart

Category: Business, Mobility, A Series - Mobility Trends

This is the first  article in a 3 part review of trends in the Mobility market. The complete series can be found here.

The Mobility market has become a key sector for Approov deployment over the last few years. Therefore we thought it would be interesting to take a look at this market in detail, to understand its underlying forces and trends. This is the first of a series of 3 blog articles on the topic.

Last year, the global car market posted its sharpest decline in sales – by 3 million according to one study, 4 million according to another – since the financial crisis of the last decade. The worse news is that neither study predicts a quick return to normal growth any time soon. In fact, 2022 is the earliest estimate for a global recovery.

Read More

Using a Reverse Proxy to Protect Third Party APIs

Wed 12 February 2020 By Paulo Renato

Category: API Keys, Third Party APIs, API, API Abuse, API Security, Reverse Proxy

In this article you will start by learning what Third Party APIs are, and why you shouldn’t access them directly from within your mobile app. Next you will learn what a Reverse Proxy is, followed by when and why you should use it to protect the access to the Third Party APIs used in your mobile app.

Read More

Getting Authentication Correct

Wed 22 January 2020 By Skip Hovsmith

Category: API Keys, Mobile App Authentication, API Abuse, API Security

For zero trust mobile apps and APIs, credentials aren’t nearly enough.

Read More

Addressing Vulnerabilities and Abuse for Comprehensive API Security

Fri 17 January 2020 By David Stewart

Category: Business, API, API Abuse, API Security

 

As APIs become a critical part of almost every business, the need to build a robust API security strategy grows infinitely. API calls account for 83% of web traffic, according to the Akamai 2019 [state of the internet] / security: Retail Attacks and API Traffic report. The largest API directory now lists nearly 22,000 public APIs, up from 12,000 in 2015. A majority of companies now consider APIs to be critical to business strategy and imperative for developing partner ecosystems, enhancing customer value and creating new revenue opportunities. Cloud Elements, in its third annual State of API Integration report, recently found that businesses planned to deploy an average of 18 new APIs in 2019, compared to just 11.5 in 2018.

Read More

Securing Your API server with Approov and Cloudflare

Tue 19 November 2019 By Paulo Renato

Category: Integration, Mobile App Authentication, API

Cloudflare is famous among developers as a leading CDN to efficiently deliver customer facing Internet content for their applications, but Cloudflare can also be used to verify all incoming requests before they reach your API server, by leveraging Cloudflare workers.

Read More

Page 1 of 9