IS YOUR MOBILE APP LEAKING SECRETS?

Tue 30 October 2018 By Paulo Renato

Category: API Keys

In Why Exposed API Keys and Sensitive Data are Growing Cause for Concern, Janet Wagner points out that the exposure of sensitive data through code is a growing cause of concern as developers rely more and more on the cloud for the overall workflow during development and deployment of their applications and in accessing third part services at run-time from within them.

Read More

A TOUR OF API UNDERPROTECTION

Tue 03 April 2018 By Skip Hovsmith

Category: API Keys, Integration, TLS

AN OWASP APPSEC CALIFORNIA 2018 TALK

The fifth annual OWASP AppSec California was held in late January 2018 on the beach in Santa Monica. AppSec California is organized and run by an all-volunteer staff, and they put on a great conference — highly recommended. Besides excellent content and a chance to interact with many interesting colleagues, who wouldn’t want to hang out on the beach for a few days?

Read More

A BRIEF INTRODUCTION TO APPROOV

Fri 19 January 2018 By Jae Hossell

Category: API Keys, Mobile App Authentication, Scrapers, Repackaged Apps

An article on wired summarises 25 data breaches that made headlines during 2017. The implication in the article, and the general impression of those who take an interest, is that 2018 will bring more of the same in an ever accelerating trend of discovery and disclosure. The growth in attacks indicates that companies of all sizes should continually raise the defensive bar and Approov raises that bar significantly. In this short post I will provide a high-level view of what Approov does and how it works.

Read More

WHITELISTS AND INDIRECTION GO TOGETHER LIKE CHOCOLATE AND PEANUT BUTTER

Fri 28 July 2017 By Skip Hovsmith

Category: API Keys, Mobile App Authentication, Reverse Engineering, Third Party APIs

source: nourishmorelove

Read More

HELP YOUR MOBILE API ECOSYSTEM TO FLOURISH

Wed 05 July 2017 By Barry O'Rourke

Category: API Keys, Integration, Mobile App Authentication, Third Party APIs

(Image via http://maxpixel.freegreatpicture.com)

Read More

HOW PYTHON CODERS TRIED TO KILL MY SUPPOSEDLY SECURE JAVASCRIPT API SERVICE

Thu 15 June 2017 By Skip Hovsmith

Category: API Keys, Mobile App Authentication

ONE DEVELOPER’S BAD DREAM

Read More

HANDS ON MOBILE API SECURITY: PINNING CLIENT CONNECTIONS

Wed 31 May 2017 By Skip Hovsmith

Category: API Keys, Integration, TLS

ADD TLS AND CERTIFICATE PINNING WHILE REMOVING CLIENT SECRETS

Read More

HANDS ON MOBILE API SECURITY - USING A PROXY TO PROTECT API KEYS

Thu 11 May 2017 By Skip Hovsmith

Category: API Keys, Integration, TLS

(UGC 12591: The Fastest Rotating Galaxy Known. Image Credit:NASA,ESA, Hubble)

Read More

MOBILE API SECURITY TECHNIQUES PART 3

Tue 07 March 2017 By Skip Hovsmith

Category: API Keys, A Series - Mobile API Security

Mobile apps commonly use APIs to interact with backend services and information. In 2016, time spent in mobile apps grew an impressive 69% year to year, reinforcing most companies' mobile-first strategies, while also providing fresh and attractive targets for cybercriminals. As an API provider, protecting your business assets against information scraping, malicious activity, and denial of service attacks is critical in maintaining a reputable brand and maximizing profits.

Read More

MOBILE API SECURITY TECHNIQUES PART 2

Tue 21 February 2017 By Skip Hovsmith

Category: API Keys, A Series - Mobile API Security

Mobile apps commonly use APIs to interact with backend services and information. In 2016, time spent in mobile apps grew an impressive 69% year to year, reinforcing most companies' mobile-first strategies, while also providing fresh and attractive targets for cybercriminals. As an API provider, protecting your business assets against information scraping, malicious activity, and denial of service attacks is critical in maintaining a reputable brand and maximizing profits.

Read More

Page 2 of 3