Approov Blog
API Security - Analysis, News and Insights (4)

Securing Electric Vehicle Charging Platforms

September 22, 2022

Spikes in the prices of fossil fuels have provided yet another incentive for consumers to move towards electric vehicles (EVs). Alongside that trend is the pressing requirement to have a charging infrastructure which provides enough capacity to satisfy this need. In this article we will explore how EV charging platforms are being architected and deployed while answering a question seldom asked - what security holes are being opened?

How Do I Make My API Gateway Secure?

September 21, 2022

An API Gateway is a tool that manages APIs and API traffic. Essentially it sits between remote clients (servers, browsers, mobile apps) and backend services and is responsible for routing API requests in either direction to the right source. It provides a degree of protection out of the box and in this article we’ll examine how much security you’ll get from your API Gateway and what else might be needed to secure your data and services.

Is an API Gateway Secure?

September 14, 2022

An API Gateway is a tool that manages APIs and API traffic. Essentially it sits between remote clients (servers, browsers, mobile apps) and backend services and is responsible for routing API requests in either direction to the right source. But how much security should you expect from an API Gateway?

Is API Authentication Secure?

August 23, 2022

API authentication is about proving that whoever is trying to access an API is who they say they are. This is sometimes confused with authorization which is about proving that whoever is trying to access data via the API has the right to access that data. In this article we’ll discuss the main API authentication methods (HTTP basic authentication, API Keys and OAuth2) and whether they provide sufficient protection for your APIs.

The State of Mobile App Security in 2022 in Financial Services

August 17, 2022

Introduction and Context: This blog provides a snapshot of mobile app security in Financial Services based on an extensive study performed by Osterman Research and published in the Approov-sponsored report “The State of Mobile App Security in 2022”, in July this year.

The State of Mobile App Security in 2022 in Healthcare

August 17, 2022

Introduction and Context: This blog provides a snapshot of mobile app security in Healthcare based on an extensive study performed by Osterman Research and published in the Approov-sponsored report “The State of Mobile App Security in 2022”, in July this year.

Why Should You Keep Your API Key Secure?

July 12, 2022

Attacks against APIs are increasing and API key protection is central to minimizing your business risks. In this article we’ll look at what your exposures are and what you should do about them.

Hands-on Mobile App and API Security - Runtime Secrets Protection

July 4, 2022

In a previous article we saw how to protect API keys by using Mobile App Attestation and delegating the API requests to a Proxy. This blog post will cover the situation where you can’t delegate the API requests to the Proxy, but where you want to remove the API keys (secrets) from being hard-coded in your mobile app to mitigate against the use of static binary analysis and/or runtime instrumentation techniques to extract those secrets.

How Should API Keys be Stored?

June 27, 2022

Mobile app developers keep hearing that they shouldn’t store API keys in their app code but they don’t hear where they should store them. In this article we discuss the topic and provide some practical solutions.

How to Prevent API Abuse

May 27, 2022

API abuse, when the API is used in an unexpected way, is a growing problem in software development and one of the leading attack vectors cybercriminals exploit. According to a recent security research report that surveyed more than 200 enterprise security professionals, there was a 21.32% growth in malicious API call volume between December 2020 and December 2021. The same study also established that 95% of respondents had suffered an API security incident in the past year.