Approov Dynamic Pinning - An Independent View

Fri 26 June 2020 By David Stewart

Category: iOS, SafetyNet, Certificate Pinning, API Security

Our friends at Rakuten have written a blog about their opinions of and experiences with the Approov dynamic pinning capability. You can read it here. It’s always nice to be able to point at independent material about Approov because, although we think very highly of it, we may be somewhat biased!

Read More

Scanshake: Meeting the Need for Decentralised Contact Tracing

Thu 25 June 2020 By Richard Taylor

Category: Business, Threats, Healthcare

As we discussed in our previous blog, there is a strong argument to be made that Bluetooth Contact tracing is too Blue Sky. The technology has been overhyped, over promised and, in the UK at least , the delivery so bungled that public confidence has been completely undermined. In the meantime we are stepping back to manual contact tracing efforts, with privacy characteristics that don’t come anywhere close to the lofty aspirations of decentralised contact tracing apps.

Read More

Is Bluetooth Contact Tracing Too Blue-Sky?

Wed 24 June 2020 By Richard Taylor

Category: Threats, Mobile App Development, API Security, Healthcare

Contact tracing has been in the news a lot in recent months. No wonder. It’s widely seen as playing a key role in opening our societies up again after lockdown, and an important part of the strategy for countries that have already done well in suppressing transmissions. As technologists we, and many like us, immediately jumped onto the possibilities of Bluetooth. A ready made technology available on just about every smartphone designed for ubiquitous short range radio communication. Perfect. We just need to throw an app together and we can map all the contacts people are having day to day, so if anyone gets sick we can automatically alert anyone else that might have been exposed. Cool. Should be ready in a couple of weeks, right?

Read More

Six reasons to choose SaaS security over in-house

Tue 16 June 2020 By David Stewart

Category: Business, Cloud, Threats, API Security

 

 

Spending large amounts of money on in-house security may not yield as great a reduction in risk as you might hope. A big investment might only result in marginal improvements -- especially with the high price of cyber security labour in the current skills shortage. Finding the right mix of security options is something of a balancing act, and cloud-based security or SaaS security (Security as a Service, or SECaaS) can offer an alternative.

Read More

Protecting Your SDK With Approov

Thu 11 June 2020 By David Stewart

Category: Mobile App Authentication, Scrapers, Bots, Threats, Fintech, API Abuse, API Security, Mobility

Photo by Ann H from Pexels

When we talk about Approov API Threat Protection, we usually talk about it in the context of ensuring that only genuine instances of your own mobile app can use your API to access your backend servers. However, there is another use case which occurs commonly in our customer base - ensuring that only your SDK can use your API where you distribute your SDK to your customers. Here also, Approov is highly effective.

Read More

Vulnerabilities In Fintech Mobile Apps

Fri 22 May 2020 By David Stewart

Category: Business, Bots, Threats, Fintech

 

Mobile applications play an increasingly important role in our lives -- and the current global lockdown due to the COVID-19 situation has led to a surge in the download of financial technology or fintech apps. According to research by the deVere Group, the coronavirus pandemic has fuelled a massive 72% rise in the use of fintech apps in Europe. But while this spike in adoption and usage provides encouraging news for the fintech industry, these mobile apps present a real threat, with hackers looking for new ways to bypass software defences, or to exploit security vulnerabilities.

Read More

Approov Integration with Kong API Gateway

Wed 20 May 2020 By Paulo Renato

Category: Integration, Reverse Proxy, API Gateway

Photo by Mattia Serrani on Unsplash

 

API Gateways have become very popular for deploying APIs at scale because they sit between the client and the API server backend This enables all kinds of integrations without the need to modify the API code itself, and that’s exactly what Kong API Gateway excels at.

Read More

Approov iOS Native Integration QuickStarts

Sun 17 May 2020 By Richard Taylor

Category: Integration, iOS, Mobile App Authentication, Mobile App Development, Certificate Pinning, API Security

Photo by Evgeni Tcherkasski on Unsplash

Read More

Preventing Faked Proximity

Fri 15 May 2020 By Richard Taylor

Category: Threats, MitM Attack, API Abuse, API Security, Healthcare

We’ve been thinking a lot about contact tracing apps in recent weeks. There are ongoing debates about whether a centralised or decentralised model is superior, and how the ensuing discussions around privacy will impact their takeup.

Read More

APPROOV INTEGRATION WITH NGINX PLUS

Thu 14 May 2020 By Paulo Renato

Category: Integration, Reverse Proxy, API Gateway

Photo by James Wheeler from Pexels

 

NGINX first gained popularity as a fast and efficient web server with cache, load balancing and reverse proxy capabilities. With the evolution to NGINX Plus it gained additional capabilities, such as acting as an API Gateway with built in security controls. These security controls can be further extended via dynamic modules and we will utilise them to integrate Approov into the platform without changing any API code.

Read More

Page 1 of 12