
Approov Blog
API Security - Analysis, News and Insights (2)

The Rise of Super Apps: Challenges & Opportunities in Mobile Security

November 9, 2023

In recent years, the tech world has witnessed a significant shift towards what are known as "super apps." These mobile applications have become increasingly popular, offering a plethora of services within a single, convenient platform. While they present numerous opportunities for users and businesses, they also bring forth a set of unique challenges, particularly in the realm of mobile security.

How Can Bots Be Prevented?

October 30, 2023

This blog explains bot attacks in detail, how to distinguish good bots from bad ones, and how to let good bots do their useful work while preventing bad bots from doing any damage. It also explains why bot attacks on and by mobile apps are particularly problematic and require special defenses to be put in place.

The Critical Need to Defend Against Unauthorized Apps

October 27, 2023

Safeguarding Security and Integrity: In today's digital landscape, mobile applications have become integral to our daily lives, offering convenience, entertainment, and essential services. However, with the rise of mobile app usage, there has also been a surge in unauthorized and malicious apps (aka dummy apps, cloned apps, tampered apps) that pose significant threats to users, organizations, and developers alike. In this blog post, we'll explore why it's imperative for developers to prevent non-authorized apps from accessing their APIs and how cutting-edge solutions like Approov Mobile Security can help safeguard security and integrity.

Approov Publishes Carnegie-Mellon University CyLab-Africa Report on Mobile App Security in Africa

October 12, 2023

This is a guest blog written by the CyLab-Africa team: Theoneste Byagutangaza, Lena Chacha, Trevor Henry Chiboora, Joel Jefferson Musiime, and George McGregor from Approov. This week, we published a new report: "The Security Challenges of Financial Mobile Apps in Africa". It is based on research carried out by a research team from CyLab-Africa, sponsored by Approov. The research reveals an alarming fintech exposure in Africa: 95% of the apps investigated leak secrets. The full report is published on the Approov website here and is essential reading for any mobile app developers who are planning worldwide deployment.

A Practical Guide to OWASP MASVS v2.0 - Its Evolution and Implementation

August 30, 2023

What is OWASP MASVS? The OWASP (Open Worldwide Application Security Project) MASVS (Mobile Application Security Verification Standard) is a valuable resource for mobile app developers seeking to improve the security posture of their iOS and Android applications. The standard is based on the collective knowledge of security experts from around the world and provides both a baseline and a benchmark for security requirements for mobile apps.

Security Threats to Mobile Crypto Apps and How to Protect Them

July 28, 2023

The last year has not been great for crypto. Most cryptocurrencies, including Bitcoin, experienced a significant loss of value, and we saw high-profile exchanges like FTX collapse. In addition, hackers were actively stealing cryptocurrency. The blockchain company Chainalysis calculated that $3.8bn was stolen by hackers in 2022.

Zero-Trust Alone Proves Inadequate for Securing APIs

April 18, 2023

The disclosure of three significant API security incidents in the first two months of 2023 serves as a reminder that, as the use of APIs continues to rise, so too does the number of API-related security breaches.

What is Runtime Application Self-Protection (RASP)?

April 6, 2023

Runtime Application Self-Protection (RASP) is a security technology designed to protect applications from attacks while the application is running. It works by embedding a security mechanism directly into the application, which allows it to monitor the application's behavior and detect and prevent malicious activities in real time.

What You Need to Know About Broken Object Level Authorization (BOLA)

March 28, 2023

Broken Object Level Authorization (BOLA) is the #1 vulnerability in the OWASP API Security Project’s API Security Top Ten in 2019. Using BOLA, an attacker exploits a vulnerable API endpoint by manipulating an arbitrary object identifier to exfiltrate or manipulate data they are not authorized to access. Authorization schemes can be complex, and it is easy for an API developer to miss an authorization check when the application state is passed between client and service.

China and India present new Challenges and Opportunities

March 24, 2023

Pinduoduo Malware Highlights the Need for App Attestation on a Global Scale

The recent Pinduoduo hack may have impacted over 700 million users in China, and highlights the need for mobile app attestation to protect against mobile app malware and other vulnerabilities. In the Pinduoduo hack, attackers were able to exploit a vulnerability in the popular ecommerce mobile app to gain access to user accounts and steal sensitive information, such as users' names, phone numbers, and addresses. This type of attack is not uncommon, and highlights the importance of implementing strong security measures, such as app attestation, to help prevent such vulnerabilities from being exploited.