Skip Hovsmith

A TOUR OF API UNDERPROTECTION

Tue 03 April 2018 By Skip Hovsmith

Category: API Keys, Integration, TLS

AN OWASP APPSEC CALIFORNIA 2018 TALK

The fifth annual OWASP AppSec California was held in late January 2018 on the beach in Santa Monica. AppSec California is organized and run by an all-volunteer staff, and they put on a great conference — highly recommended. Besides excellent content and a chance to interact with many interesting colleagues, who wouldn’t want to hang out on the beach for a few days?


STRENGTHENING OAUTH2 FOR MOBILE

Wed 03 January 2018 By Skip Hovsmith

Category: TLS, Mobile App Authentication, OAuth2


ADDING OAUTH2 TO MOBILE ANDROID AND IOS CLIENTS USING THE APPAUTH SDK

Mon 23 October 2017 By Skip Hovsmith

Category: TLS, Mobile App Authentication, OAuth2

OAuth2, often combined with OpenID Connect, is a popular authorization framework that enables applications to protect resources from unauthorized access. It delegates user authentication to an authorization service, which then authorizes third-party applications to access the protected resources on the user’s behalf. OAuth2 provides authorization flows for both web and mobile applications.

API PROTECTION REQUIRES BOTH USER AND APP AUTHENTICATION

Mon 14 August 2017 By Skip Hovsmith

Category: Mobile App Authentication

As an API provider, you open your RESTful back end to those you trust in the hopes of doing something useful, making a profit, or both. You’re quite careful about registering and authenticating your users, and you probably identify the app they are calling from, but is that enough to protect access and your revenue stream from malicious actors?

WHITELISTS AND INDIRECTION GO TOGETHER LIKE CHOCOLATE AND PEANUT BUTTER

Fri 28 July 2017 By Skip Hovsmith

Category: API Keys, Mobile App Authentication, Reverse Engineering, Third Party APIs


HOW PYTHON CODERS TRIED TO KILL MY SUPPOSEDLY SECURE JAVASCRIPT API SERVICE

Thu 15 June 2017 By Skip Hovsmith

Category: API Keys, Mobile App Authentication

ONE DEVELOPER’S BAD DREAM


HANDS ON MOBILE API SECURITY: PINNING CLIENT CONNECTIONS

Wed 31 May 2017 By Skip Hovsmith

Category: API Keys, Integration, TLS

ADD TLS AND CERTIFICATE PINNING WHILE REMOVING CLIENT SECRETS


HANDS ON MOBILE API SECURITY - USING A PROXY TO PROTECT API KEYS

Thu 11 May 2017 By Skip Hovsmith

Category: API Keys, Integration, TLS


ADAPTING OAUTH2 FOR INTERNET OF THINGS (IOT) API SECURITY

Thu 30 March 2017 By Skip Hovsmith

Category: Mobile App Authentication, Threats

On Friday, 21 October 2016, multiple waves of distributed denial of service (DDoS) attacks shut down major internet services across the United States and Europe. The attacking botnet army consisted mainly of printers, IP cameras, residential gateways, and baby monitors infected with Mirai malware. Mirai targets IoT devices, and though each individual IoT device was not very powerful, taken together these devices did significant damage. For many mainstream internet users, the need for strong IoT security became painfully obvious.


MOBILE API SECURITY TECHNIQUES PART 3

Tue 07 March 2017 By Skip Hovsmith

Category: API Keys, A Series - Mobile API Security

Mobile apps commonly use APIs to interact with backend services and information. In 2016, time spent in mobile apps grew an impressive 69% year to year, reinforcing most companies' mobile-first strategies, while also providing fresh and attractive targets for cybercriminals. As an API provider, protecting your business assets against information scraping, malicious activity, and denial of service attacks is critical in maintaining a reputable brand and maximizing profits.
