Posts about

API Keys

Is Your Mobile App Leaking Secrets?

October 30, 2018

In Why Exposed API Keys and Sensitive Data are Growing Cause for Concern, Janet Wagner points out that the exposure of sensitive data through code is a growing cause of concern as developers rely more and more on the cloud for the overall workflow during development and deployment of their applications and in accessing third part services at run-time from within them. Read Full Story

A Tour of API Underprotection

April 3, 2018

An OWASP AppSec California 2018 Talk The fifth annual OWASP AppSec California was held in late January 2018 on the beach in Santa Monica. AppSec California is organized and run by an all-volunteer staff, and they put on a great conference — highly recommended. Besides excellent content and a chance to interact with many interesting colleagues, who wouldn’t want to hang out on the beach for a few days? Read Full Story

A Brief Introduction to Approov

January 19, 2018

An article on wired summarises 25 data breaches that made headlines during 2017. The implication in the article, and the general impression of those who take an interest, is that 2018 will bring more of the same in an ever accelerating trend of discovery and disclosure. The growth in attacks indicates that companies of all sizes should continually raise the defensive bar and Approov raises that bar significantly. In this short post I will provide a high-level view of what Approov does and how it works. Read Full Story

Help Your Mobile API Ecosystem to Flourish

July 5, 2017

(Image via http://maxpixel.freegreatpicture.com) Read Full Story

Hands on Mobile API Security: Pinning Client Connections

May 31, 2017

Add TLS and Certificate Pinning While Removing Client Secrets Read Full Story

Hands on Mobile API Security - Using a Proxy to Protect API Keys

May 11, 2017

(UGC 12591: The Fastest Rotating Galaxy Known. Image Credit:NASA,ESA, Hubble) Read Full Story

Mobile API Security Techniques Part 3

March 7, 2017

Mobile apps commonly use APIs to interact with backend services and information. In 2016, time spent in mobile apps grew an impressive 69% year to year, reinforcing most companies' mobile-first strategies, while also providing fresh and attractive targets for cybercriminals. As an API provider, protecting your business assets against information scraping, malicious activity, and denial of service attacks is critical in maintaining a reputable brand and maximizing profits. Read Full Story

Mobile API Security Techniques Part 2

February 21, 2017

Mobile apps commonly use APIs to interact with backend services and information. In 2016, time spent in mobile apps grew an impressive 69% year to year, reinforcing most companies' mobile-first strategies, while also providing fresh and attractive targets for cybercriminals. As an API provider, protecting your business assets against information scraping, malicious activity, and denial of service attacks is critical in maintaining a reputable brand and maximizing profits. Read Full Story