Approov is first and foremost an API protection solution for bot mitigation, however, while performing this task it also gives insight into the types and state of devices that are communicating with the protected services. For example, do you want to know the proportion of connections coming from unauthorised software: bots, scripts, or repackaged apps? Do you want to know if your communications are being intercepted, if the mobile device is rooted, if your app is running in an emulator, or if there is a debugger or framework attached? These types of questions can be answered with an Approov integration and you can even start getting at these nuggets before the end of your free trial.
Once you've started using Approov, we find it unlikely that you will want to cancel. However, it is a legitimate concern for potential users and, as we have a quick and simple cancellation process, I am happy to address it here. First up, consider the following scenario at the point of cancellation:
We recently agreed a custom Service Level Agreement(SLA) with one of our enterprise customers and one thing the process highlighted was that we don’t talk about Approov’s backend enough. In this post, I hope to remedy that slip by providing a brief overview while dwelling on the characteristics indicative of a quality cloud service.
In my last post in this series, I introduced Approov, the app authentication solution, and described how it tackles the problem of API protection in a novel and proactive way. In this post, I want to focus on the reasons API publishers need app authentication as part of their mobile security defense, and specifically why it should work alongside user authentication. In our discussions with new customers we often find that we need to explain the difference between the two as well as the contributions that each one provides.
An article on wired summarises 25 data breaches that made headlines during 2017. The implication in the article, and the general impression of those who take an interest, is that 2018 will bring more of the same in an ever accelerating trend of discovery and disclosure. The growth in attacks indicates that companies of all sizes should continually raise the defensive bar and Approov raises that bar significantly. In this short post I will provide a high-level view of what Approov does and how it works.
We’ve had some requests recently from customers for some examples to show how to use Approov tokens with an ASP.Net Core 2.0 back end. In this blog I’ll walk you through adding the check to a basic API. It’s really straight forward! Thanks to Jon Hilton for this great blog which formed the basis for this example.
So as I type this, while obsessively checking the server logs, and #awsoutage on twitter, I am reminded of the Benjamin Franklin quote: "By failing to prepare, you are preparing to fail". Currently Amazon Web Services (AWS) is suffering from an unspecified problem with S3, their Simple Storage Service. This is a place where companies store files and underpins a fair chunk of the internet. Lots of websites will host their content on S3 and many services depend upon it to a degree. AWS has a huge share of the cloud service market so any outage by them is a big deal.