STEAL THAT API KEY WITH A MAN IN THE MIDDLE ATTACK

Thu 04 April 2019 By Paulo Renato

Category: API Keys, Mobile App Authentication, Reverse Engineering, Third Party APIs, Mobile App Development

As I promised in my previous article, here is the follow-up article about performing a man in the middle (MitM) attack to steal an API key. To follow this article you will need to become the man sitting in the middle of the actual channel, using mitmproxy to help you with the task of stealing the API key. Now it should be clear why MitM stands for man in the middle!


HOW TO EXTRACT AN API KEY FROM A MOBILE APP BY STATIC BINARY ANALYSIS

Thu 14 March 2019 By Paulo Renato

Category: API Keys, Reverse Engineering



An API key is probably the most common method used by developers to identify what is making the request to an API server, but most developers are not aware of how trivial it is for a hacker or even a script kiddie to steal and reuse an API key in order to gain unauthorized access to their APIs.

In the previous article we saw why your mobile app needs an API key, and now we will see how to grab that API key from your mobile app by reverse engineering the binary in an effective and quick way with an open source tool. Once we see how easily it can be done, we will realize that it is even achievable by non-developers.

 


WHY DOES YOUR MOBILE APP NEED AN API KEY?

Fri 01 March 2019 By Paulo Renato

Category: API Keys, Mobile App Authentication, Mobile App Development

Mobile apps are becoming increasingly important in the strategy of any company. As a result, companies need to release new application versions at a fast pace, and this puts developers under pressure with tight deadlines to complete and release new features very quickly.


THE TOP 6 MOBILE API PROTECTION TECHNIQUES - ARE THEY ENOUGH?

Sat 22 December 2018 By Paulo Renato

Category: API Keys, Mobile App Authentication, Scrapers, Bots, Threats

APIs are a necessary and central part of the strategy of any digital business that wants to stay competitive and monetize its assets. Additionally, end users’ form factor of choice when using digital services is now firmly mobile. The trend towards APIs and mobile devices has moved the attack surface in a significant way and digital businesses must adapt and evolve their security policies accordingly.


IS YOUR MOBILE APP LEAKING SECRETS?

Tue 30 October 2018 By Paulo Renato

Category: API Keys

In "Why Exposed API Keys and Sensitive Data are Growing Cause for Concern", Janet Wagner points out that the exposure of sensitive data through code is a growing cause of concern as developers rely more and more on the cloud for the overall workflow during development and deployment of their applications, and for accessing third-party services at run-time from within them.


A TOUR OF API UNDERPROTECTION

Tue 03 April 2018 By Skip Hovsmith

Category: API Keys, Integration, TLS

AN OWASP APPSEC CALIFORNIA 2018 TALK

The fifth annual OWASP AppSec California was held in late January 2018 on the beach in Santa Monica. AppSec California is organized and run by an all-volunteer staff, and they put on a great conference — highly recommended. Besides excellent content and a chance to interact with many interesting colleagues, who wouldn’t want to hang out on the beach for a few days?


A BRIEF INTRODUCTION TO APPROOV

Fri 19 January 2018 By Jae Hossell

Category: API Keys, Mobile App Authentication, Scrapers, Repackaged Apps

An article on Wired summarises 25 data breaches that made headlines during 2017. The implication in the article, and the general impression of those who take an interest, is that 2018 will bring more of the same in an ever-accelerating trend of discovery and disclosure. The growth in attacks indicates that companies of all sizes should continually raise the defensive bar, and Approov raises that bar significantly. In this short post I will provide a high-level view of what Approov does and how it works.


WHITELISTS AND INDIRECTION GO TOGETHER LIKE CHOCOLATE AND PEANUT BUTTER

Fri 28 July 2017 By Skip Hovsmith

Category: API Keys, Mobile App Authentication, Reverse Engineering, Third Party APIs


HELP YOUR MOBILE API ECOSYSTEM TO FLOURISH

Wed 05 July 2017 By Barry O'Rourke

Category: API Keys, Integration, Mobile App Authentication, Third Party APIs


HOW PYTHON CODERS TRIED TO KILL MY SUPPOSEDLY SECURE JAVASCRIPT API SERVICE

Thu 15 June 2017 By Skip Hovsmith

Category: API Keys, Mobile App Authentication

ONE DEVELOPER’S BAD DREAM
