Posts about API

Approov Integration for the Azure API Management Platform

May 13, 2021

The Azure API Management Platform aims to be the front door to APIs hosted in Azure, on premises, or even in other clouds. The managed platform allows developers to secure, monitor, transform and maintain APIs published through it, using the Azure portal or the Azure CLI. Read Full Story

How to Bypass Certificate Pinning with Frida on an Android App

May 4, 2021

In a previous article we learned how to perform a MitM attack on a mobile app that doesn’t employ certificate pinning as a mechanism for preventing such attacks. Today I will show how to use the Frida instrumentation framework to hook into the mobile app at runtime and instrument the code in order to perform a successful MitM attack even when the mobile app has implemented certificate pinning. Read Full Story

How to MitM Attack the API of an Android App

May 1, 2021

In a previous article we saw how to perform a MitM attack to steal an API key, but that approach required installing the proxy certificate into the Android device through the user trusted certificates store. An easier way exists, and in this article I will show how to use an Android Emulator with a writable file system that will allow us to install the proxy certificate directly into the system trusted store, without the need to root the emulator or make changes in the mobile app. Read Full Story

Guest Blog: Alissa Knight on 'Standing Outside The FHIR'

April 22, 2021

We are delighted to be hosting some unique content from our friend and recovering hacker Alissa Knight who will be writing on the topic of healthcare API security. In this blog, Alissa provides a plain English explanation of FHIR from the perspective of a hacker. Enjoy! Read Full Story

Approov Integration for Python FastAPI Backends

March 9, 2021

The Python FastAPI framework’s first commit dates from 5th December 2018, followed by the first release on 25th December 2018. It was created by Sebastián Ramírez as a direct reflection of his several years of experience in creating APIs with complex requirements. Read Full Story

Approov Integration for Elixir Phoenix Channels Backends

January 15, 2021

The Elixir programming language was created by Jose Valim in 2012 as a research project at Plataformatec, the company where he worked at the time. You can watch Elixir: The Documentary where he tells in the first person more about the motivations and reasons behind writing it. Read Full Story

Approov Integration for Swift Vapor Backends

January 8, 2021

Vapor is a framework written in the Swift programming language that brings the language from the iOS platform to the backend, thus allowing developers to develop the mobile app and the backend in the same programming language. Vapor was initially released on December 3, 2015, just one month after Apple open sourced Swift and started to add support for the Linux platform. Read Full Story

Approov Integration for Golang Backends

December 15, 2020

Go was developed at Google in 2007 by Robert Griesemer, Rob Pike, and Ken Thompson, but only publicly announced in November 2009. Go is a statically typed, compiled and procedural programming language and was designed with the aim of improving developers’ productivity at Google. The language was created to address the criticism of other ones used at Google, such as C++, Python and JavaScript, while at the same time retaining their good characteristics. The primary motivation to create Go was the shared dislike of C++ by the initial authors. Read Full Story

Approov Integration for Elixir Phoenix Guardian Backends

December 2, 2020

The Elixir programming language was created by Jose Valim in 2012 as a research project at Plataformatec, the company where he worked at the time. You can watch Elixir: The Documentary where he tells in the first person more about the motivations and reasons behind writing it. Read Full Story

Approov Integration for NodeJS KOA Backends

November 17, 2020

Node.js Koa is an expressive HTTP middleware framework that aims to make it easier and more enjoyable to write APIs, and it’s designed by the same team behind the popular Node.js Express framework. Compared with Express, Koa doesn’t bundle any middleware in its very small codebase, and leverages the Node.js async functions to allow the developer to ditch the callback functions and to improve error handling. The first release dates back to 8th November 2013 and references the tag 0.0.2. Read Full Story