STEAL THAT API KEY WITH A MAN IN THE MIDDLE ATTACK

Thu 04 April 2019 By Paulo Renato

Category: API Keys, Mobile App Authentication, Reverse Engineering, Third Party APIs, Mobile App Development

As I promised in my previous article, here is the follow-up article about performing a man in the middle (MitM) attack to steal an API key. To follow this article you will need to become the man sitting in the middle of the actual channel, using mitmproxy to help you with the task of stealing the API key. Now it should be clear why MitM stands for man in the middle!


Preventing Mobile App and API Abuse

Thu 21 March 2019 By Skip Hovsmith

Category: TLS, Android, iOS, Mobile App Authentication, OAuth2, API, Mobile App Development

 

HOW TO EXTRACT AN API KEY FROM A MOBILE APP BY STATIC BINARY ANALYSIS

Thu 14 March 2019 By Paulo Renato

Category: API Keys, Reverse Engineering



An API key is probably the most common method used by developers to identify what is making the request to an API server, but most developers are not aware of how trivial it is for a hacker or even a script kiddie to steal and reuse an API key in order to gain unauthorized access to their APIs.

In the previous article we saw why your mobile app needs an API key, and now we will see how to grab that API key from your mobile app by reverse engineering the binary in an effective and quick way with an open source tool. Once we see how easily it can be done, we will realize that it is even achievable by non-developers.

 


How to Pin Mobile gRPC Channels

Mon 04 March 2019 By Skip Hovsmith

Category: TLS, Android, API, Mobile App Development, gRPC

Last-mile Security for gRPC-connected mobile APIs


WHY DOES YOUR MOBILE APP NEED AN API KEY?

Fri 01 March 2019 By Paulo Renato

Category: API Keys, Mobile App Authentication, Mobile App Development

Mobile apps are becoming increasingly important in the strategy of any company. As a result, companies need to release new application versions at a fast pace, and this puts developers under pressure with tight deadlines to complete and release new features very quickly.


APPROOV INTEGRATION IN A NODEJS EXPRESS API

Tue 05 February 2019 By Paulo Renato

Category: Integration, Mobile App Authentication

 

This walk-through will show us how simple it is to integrate Approov in a current API server using NodeJS and the Express framework.


Consider gRPC for Mobile APIs

Tue 05 February 2019 By Skip Hovsmith

Category: Android, API, Mobile App Development, gRPC

EVALUATING GRPC REQUEST-RESPONSE, AUTHENTICATION, AND STREAMING

gRPC is an open source remote procedure call (RPC) framework that runs across many different client and server platforms. It commonly uses protocol buffers (protobufs) to efficiently serialize structured data for communication, and it is used extensively in distributed and microservice-based systems.


APPROOV INTEGRATION IN A PYTHON FLASK API

Mon 04 February 2019 By Paulo Renato

Category: Integration, Mobile App Authentication

This walk-through will show us how simple it is to integrate Approov in a current API server using Python and the Flask framework.

We will see the requirements, the dependencies, and a step-by-step walk-through of the code necessary to implement Approov in a Python Flask API.

Before we tackle the integration of Approov, we first need to know how Approov validation is processed in the server and how to set up the environment to follow this walk-through.

Note that this article assumes a basic understanding of the Approov mechanics. If you need an overview of that, please first read the Approov in Detail page.

 


THE TOP 6 MOBILE API PROTECTION TECHNIQUES - ARE THEY ENOUGH?

Sat 22 December 2018 By Paulo Renato

Category: API Keys, Mobile App Authentication, Scrapers, Bots, Threats

APIs are a necessary and central part of the strategy of any digital business that wants to stay competitive and monetize its assets. Additionally, end users’ form factor of choice when using digital services is now firmly mobile. The trend towards APIs and mobile devices has moved the attack surface in a significant way and digital businesses must adapt and evolve their security policies accordingly.


Strengthen TLS in React Native Through Certificate Pinning - iOS Edition

Fri 30 November 2018 By Skip Hovsmith

Category: TLS, ReactNative, iOS

Enhance React Native’s networking API protection on Android and iOS without touching your JavaScript code or manually editing the native code projects.

