Barry O'Rourke

API ABUSE IN 2017 (PART 3)

Mon 19 February 2018 By Barry O'Rourke

Category: Business, Aggregators, CheatingAsAService, A Series - API Abuse, Threats

Two particularly challenging forms of API abuse are Aggregation and Cheating as a Service. In both these cases your own users are enabling and sometimes funding the individuals and organizations...


API ABUSE IN 2017 (PART 2)

Tue 13 February 2018 By Barry O'Rourke

Category: Business, Scrapers, Account Hijacking, Fake Accounts, A Series - API Abuse, Threats

Our first batch of business level attacks are Data Scrapers and Account Hijack. We also take a look at the lucrative business of Fake Account Factories.


API ABUSE IN 2017 (PART 1)

Fri 09 February 2018 By Barry O'Rourke

Category: Business, A Series - API Abuse, Threats

2017 has seen our customers tackling a wide range of abuse and misuse of their Mobile APIs. We are seeing multiple approaches where the business process transparency provided by APIs has resulted...


TOUGHEN UP SOFT CERTIFICATE PINNING WITH APPROOV

Thu 14 December 2017 By Barry O'Rourke

Category: TLS, Integration

"Devops just mailed to say they will rotate the certificates on all of the endpoints today," mentioned the Engineering Manager at one of our customers. "That’s unexpected, I wonder what happened."


UNINTENTIONAL UNPINNING WITH FIREBASE

Mon 28 August 2017 By Barry O'Rourke

Category: Threats, Mobile App Authentication, Integration

Google's Firebase provides a comprehensive set of analytics services for developers to integrate with their apps. On Android the basic functionality is enabled simply by integrating the desired...


THE PROBLEM WITH PINNING

Thu 13 July 2017 By Barry O'Rourke

Category: Mobile App Authentication, Integration, TLS

Certificate or Public Key Pinning is an extension to TLS that is highly effective for bot mitigation by protecting the HTTPS connection between your app and API from snooping by third parties ...


HELP YOUR MOBILE API ECOSYSTEM TO FLOURISH

Wed 05 July 2017 By Barry O'Rourke

Category: Mobile App Authentication, Third Party APIs, API Keys, Integration

(Image via http://maxpixel.freegreatpicture.com)


API LOCKDOWN WITHOUT THE LOCKOUT

Tue 06 December 2016 By Barry O'Rourke

Category: Integration

When retrofitting an API change to an app which already has an existing install base, care must be taken to handle the transition with minimal disruption to customers.

