Approov Blog

API Security - Analysis, News and Insights (7)

Editor's note: This post was originally published in September 2021 in Threatpost. Data breaches and hacking put internet users at risk of account takeover, if cyber-criminals successfully gain access to valid login credentials. There are reckoned to be in excess of 8.4 million discrete passwords currently circulating online, over 3.5 billion of which are tied to active email addresses. Read Full Story

In this article, we’ll be looking at the role that mobile health or mHealth apps and Application Programming Interfaces (APIs) are playing in remote care of the elderly. We shall also consider the vulnerabilities that can afflict these digital platforms, as well as remedial measures and best practices for dealing with these issues. Read Full Story

Editor's note: This post was originally published in September 2021 in Threatpost. There are two essential elements driving progress in today's digital-first economy: Mobile applications and APIs. An API (Application Programming Interface) is software that allows applications to communicate and exchange data with each other. Read Full Story

We have released a short video that demonstrates how fake apps can be used to commit fraud against your business and how Approov can help your organisation to fight back against these fake and/or repackaged apps. Read Full Story

Editor's note: This post was originally published in July 2021 in Spiceworks. Back in 2017, Gartner predicted that API abuse would be the most frequent attack vector for data breaches by 2022. Two years later, when exposed APIs already made up 40% of the attack surface for web-enabled applications, the research and advisory company estimated that figure to soar to 90% by 2021. Read Full Story

Penetration testing (Pentesting) is a well understood process for validating network security. The requirements and desired outcomes have been developed over time and are generally clear. However the existence of a mobile channel changes the picture. In this article we tap into our experiences (good and bad) of working with pentesters to validate and verify the efficacy of our customers’ mobile business protection. Read Full Story

Editor's note: This post was originally published in July 2021 in Cyber Defense Magazine. A regular pyramid has 5 surfaces, 4 sloping ones and another as its base. In this article we will walk through the mobile attack pyramid, discussing each of the 5 attack surfaces and recommending best practice for protecting them. Read Full Story

Editor's note: This post was originally published in June 2021 in Security Today. The Covid-19 epidemic has forced the car rental industry into rethinking its value proposition. While it once positioned itself as an ancillary service to the airline industry, generating the bulk of its income through airport locations, a collapse in global airline passenger numbers over the past year may have sped up a process already underway: Far from occupying a segment in the travel industry, car rental companies are now one corner of the Cars as a Service industry. Read Full Story

We are delighted to be hosting some unique content from our friend and recovering hacker Alissa Knight. This is the third blog in a series about the security risks exposed by the push to adopt FHIR APIs in US healthcare. Read Full Story

We are delighted to be hosting some unique content from our friend and recovering hacker Alissa Knight who will be writing on the topic of healthcare API security. In the first article, Alissa provided a plain English explanation of FHIR from the perspective of a hacker. In this blog, Alissa covers mobile API authentication and authorization. Read Full Story