David Stewart

How To Protect Against Account Takeover In 2021

September 29, 2021

Editor's note: This post was originally published in September 2021 in Threatpost. Data breaches and hacking put internet users at risk of account takeover, if cyber-criminals successfully gain access to valid login credentials. There are reckoned to be in excess of  8.4 million discrete passwords currently circulating online, over 3.5 billion of which are tied to active email addresses. Read Full Story

Ensuring Secure Remote Care For The Elderly

September 23, 2021

In this article, we’ll be looking at the role that mobile health or mHealth apps and Application Programming Interfaces (APIs) are playing in remote care of the elderly. We shall also consider the vulnerabilities that can afflict these digital platforms, as well as remedial measures and best practices for dealing with these issues. Read Full Story

7 Ways to Defend Mobile Apps and APIs from Cyberattacks

September 6, 2021

Editor's note: This post was originally published in September 2021 in Threatpost. There are two essential elements driving progress in today's digital-first economy: Mobile applications and APIs. An API (Application Programming Interface) is software that allows applications to communicate and exchange data with each other.  Read Full Story

API-First Strategies Require API-First Security

August 3, 2021

Editor's note: This post was originally published in July 2021 in ToolBox. Back in 2017, Gartner predicted that API abuse would be the most frequent attack vector for data breaches by 2022. Two years later, when exposed APIs already made up 40% of the attack surface for web-enabled applications, the research and advisory company estimated that figure to soar to 90% by 2021.  Read Full Story

Pentesting Mobile Platforms - A Short Guide Based On Experience

July 30, 2021

Penetration testing (Pentesting) is a well understood process for validating network security. The requirements and desired outcomes have been developed over time and are generally clear. However the existence of a mobile channel changes the picture. In this article we tap into our experiences (good and bad) of working with pentesters to validate and verify the efficacy of our customers’ mobile business protection. Read Full Story

The Mobile Attack Pyramid

July 13, 2021

Editor's note: This post was originally published in July 2021 in Cyber Defense Magazine. A regular pyramid has 5 surfaces, 4 sloping ones and another as its base. In this article we will walk through the mobile attack pyramid, discussing each of the 5 attack surfaces and recommending best practice for protecting them. Read Full Story

Tipping Point for the Car Rental Industry

June 16, 2021

Editor's note: This post was originally published in June 2021 in Security Today. The Covid-19 epidemic has forced the car rental industry into rethinking its value proposition. While it once positioned itself as an ancillary service to the airline industry, generating the bulk of its income through airport locations, a collapse in global airline passenger numbers over the past year may have sped up a process already underway: Far from occupying a segment in the travel industry, car rental companies are now one corner of the Cars as a Service industry. Read Full Story

Guest Blog: Alissa Knight on ‘Playing with FHIR’

June 2, 2021

We are delighted to be hosting some unique content from our friend and recovering hacker Alissa Knight. This is the third blog in a series about the security risks exposed by the push to adopt FHIR APIs in US healthcare. Read Full Story

Guest Blog: Alissa Knight on 'FHIR Walker: Authentication and Authorization in FHIR APIs'

May 13, 2021

We are delighted to be hosting some unique content from our friend and recovering hacker Alissa Knight who will be writing on the topic of healthcare API security. In the first article, Alissa provided a plain English explanation of FHIR from the perspective of a hacker. In this blog, Alissa covers mobile API authentication and authorization. Read Full Story

Guest Blog: Alissa Knight on 'Standing Outside The FHIR'

April 22, 2021

We are delighted to be hosting some unique content from our friend and recovering hacker Alissa Knight who will be writing on the topic of healthcare API security. In this blog, Alissa provides a plain English explanation of FHIR from the perspective of a hacker. Enjoy! Read Full Story