Posts about

API Security - Analysis, News and Insights

Guest Blog: Alissa Knight on 'FHIR Walker: Authentication and Authorization in FHIR APIs'

May 13, 2021

We are delighted to be hosting some unique content from our friend and recovering hacker Alissa Knight who will be writing on the topic of healthcare API security. In the first article, Alissa provided a plain English explanation of FHIR from the perspective of a hacker. In this blog, Alissa covers mobile API authentication and authorization. Read Full Story

API Keys Can Be Phished Too

May 10, 2021

Photo credit: iStock.com/Evkaz We are all very aware of the issues around phishing of user credentials. But it is not only users that can be phished, apps can be too. In previous blogs we’ve shown you how you can make a MITM attack against an app. In this blog we’ll demonstrate that a MITM attack against an app is analogous to a phishing attack against a human. Moreover, there are some similar characteristics to the protections required. Read Full Story

Guest Blog: Alissa Knight on 'Standing Outside The FHIR'

April 22, 2021

We are delighted to be hosting some unique content from our friend and recovering hacker Alissa Knight who will be writing on the topic of healthcare API security. In this blog, Alissa provides a plain English explanation of FHIR from the perspective of a hacker. Enjoy! Read Full Story

Closing Both Web and Mobile Doors To Automated Traffic

March 16, 2021

In this article we will look at the challenges of making sure that bots and other automated traffic can’t gain access to your backend systems, no matter how they try. Most enterprises offer services through their website and their mobile app and both attack surfaces must be considered. Ensuring that both channels are properly defended will prevent DDoS, credential stuffing, data scraping and other fraudulent exploits from occurring. Read Full Story

Clubhouse Needs A Bouncer

February 26, 2021

Even if you only have a vague interest in app security I’m sure the recent furore around Clubhouse hasn’t escaped your attention. There is significant buzz around this invite-only iOS app. Enabling live audio chat rooms between participants, it sets the expectation that these interactions are somewhat private and certainly not recorded.  With big celebrity names such as Elon Musk, Kanye West and Oprah Winfrey as users there is a significant demand for a coveted invite. Read Full Story

Building Your Gold Standard For Account Access

February 16, 2021

In this article we are going to look at the key use cases you should consider around protecting access to your users’ accounts and what you should think about when building your gold standard security to protect them. Read Full Story

Balancing Mobile App and API Protection

January 18, 2021

A common discussion that comes up with customers is how they should consider the security requirements of their mobile apps and of the APIs that service them. A recent incident involving Nissan provides a reminder of how easily best laid protections can unravel. Read Full Story

Man-in-the-Middle: Myths and Legends

January 6, 2021

Man-in-the-Middle (MitM), or more correctly Person-in-the-Middle, is the technique of inserting yourself into API traffic to observe or manipulate requests and transactions as they pass by. In this article we’ll look at how it’s done and what you should do to prevent it, exploding a few misapprehensions on the way. Read Full Story

App and API Level Security for Connected Car Platforms

December 9, 2020

In 2009, the app economy officially kicked off with the Apple trademarked refrain “There’s an app for that.” A decade later, the mobile app is the center of gravity of the digital economy, transforming how we shop, bank, read, commute, socialize, work, travel, manage our health, and much more. Today, it seems, if there’s no app for that, then it’s probably not a fully digital experience. Read Full Story

Securing API Keys for Robust Mobile API Security

December 4, 2020

It’s been nearly half a decade since Gartner declared the API economy open, hailing it the enabler that could transform businesses into platforms. Since then, APIs have significantly evolved beyond their rather simple origins as middleware integration tools. Read Full Story