Approov Blog

API (2)

Penetration testing (Pentesting) is a well understood process for validating network security. The requirements and desired outcomes have been developed over time and are generally clear. However the existence of a mobile channel changes the picture. In this article we tap into our experiences (good and bad) of working with pentesters to validate and verify the efficacy of our customers’ mobile business protection. Read Full Story

Approov is an API security solution used to verify that requests received by your API services originate from trusted versions of your apps. It provides a very strong indication that a request can be trusted. The core Approov product is targeted at mobile apps, however, we provide several integrations with 3rd party web protection solutions so that a single backend Approov check can be used to authorize API access whether it originates from your mobile or web app. Read Full Story

Approov API security solution is used to verify that requests received by your API services originate from trusted versions of your apps. It provides a very strong indication that a request can be trusted. The core Approov product is targeted at mobile apps, however, we provide several integrations with 3rd party web protection solutions so that a single backend Approov check can be used to authorize API access whether it originates from your mobile or web app. Read Full Story

Approov is an API security solution used to verify that requests received by your API services originate from trusted versions of your apps. It provides a very strong indication that a request can be trusted. The core Approov product is targeted at mobile apps, however, we provide several integrations with 3rd party web protection solutions so that a single backend Approov check can be used to authorize API access whether it originates from your mobile or web app. Read Full Story

The Azure API Management Platform aims to be the front door to APIs hosted in Azure, on premises, or even in other clouds. The managed platform allows developers to secure, monitor, transform and maintain APIs published through it, using the Azure portal or the Azure CLI. Read Full Story

In a previous article we learned how to perform a MitM attack on a mobile app that doesn’t employ certificate pinning as a mechanism of preventing such attacks. Today I will show how to use the Frida instrumentation framework to hook into the mobile app at runtime and instrument the code in order to perform a successful MitM attack even when the mobile app has implemented certificate pinning. Read Full Story

Performing a MitM attack against an HTTPS channel requires the capability for the attacker to be able to add the proxy server Certificate Authority (CA) into the Trust Store of the device running the mobile app and a popular approach is to manually upload the CA to the device, but this comes with some challenges, that may require to root the device and/or repackage the mobile app. An easier way exists, and in this article I will show how to use an Android Emulator with a writable file system that will allow us to install the proxy certificate directly into the system trusted store, without the need to root the emulator or make changes in the mobile app. This is a hands on how to tutorial, that you can easily follow, even if you have not done a MitM attack before or you are just starting your developer Android journey. Read Full Story

We are delighted to be hosting some unique content from our friend and recovering hacker Alissa Knight who will be writing on the topic of healthcare API security. In this blog, Alissa provides a plain English explanation of FHIR from the perspective of a hacker. Enjoy! Read Full Story

Python FastAPI framework’s first commit dates from 5th December 2018, followed by the first release on 25th December 2018. It was created by Sebastián Ramírez as a direct reflection of his several years of experience in creating APIs with complex requirements. Read Full Story

The Elixir programming language was created by Jose Valim in 2012 as a research project at Plataformatec, the company he worked at the time. You can watch Elixir: The Documentary where he tells in the first person more about the motivations and reasons behind writing it. Read Full Story