Addressing Vulnerabilities and Abuse for Comprehensive API Security

Fri 17 January 2020 By David Stewart

Category: Business, API, API Abuse, API Security

 

As APIs become a critical part of almost every business, the need to build a robust API security strategy grows infinitely. API calls account for 83% of web traffic, according to the Akamai 2019 [state of the internet] / security: Retail Attacks and API Traffic report. The largest API directory now lists nearly 22,000 public APIs, up from 12,000 in 2015. A majority of companies now consider APIs to be critical to business strategy and imperative for developing partner ecosystems, enhancing customer value and creating new revenue opportunities. Cloud Elements, in its third annual State of API Integration report, recently found that businesses planned to deploy an average of 18 new APIs in 2019, compared to just 11.5 in 2018.

Read More

42CRUNCH AND CRITICALBLUE ANNOUNCE PARTNERSHIP

Fri 23 November 2018 By David Stewart

Category: News, Integration, Business, Mobile App Authentication


Joint solution to ensure APIs are built correctly and used legitimately.  

Read More

API ABUSE IN 2017 (PART 3)

Mon 19 February 2018 By Barry O'Rourke

Category: Business, CheatingAsAService, Aggregators, Threats, A Series - API Abuse

Two particularly challenging forms of API abuse are Aggregation and Cheating as a Service. In both these cases your own users are enabling and sometimes funding the individuals and organizations abusing your APIs.

Read More

API ABUSE IN 2017 (PART 2)

Tue 13 February 2018 By Barry O'Rourke

Category: Business, Account Hijacking, Fake Accounts, Scrapers, Threats, A Series - API Abuse

Our first batch of business level attacks are Data Scrapers and Account Hijack. We also take a look at the lucrative business of Fake Account Factories.

Read More

API ABUSE IN 2017 (PART 1)

Fri 09 February 2018 By Barry O'Rourke

Category: Business, Threats, A Series - API Abuse

2017 has seen our customers tackling a wide range of abuse and misuse of their Mobile APIs. We are seeing multiple approaches where the business process transparency provided by APIs has resulted in exploitation. Time for a retrospective...

Read More

"WHAT IF I WANT TO CANCEL?"

Thu 01 February 2018 By Jae Hossell

Category: Integration, Business

Once you've started using Approov, we find it unlikely that you will want to cancel. However, it is a legitimate concern for potential users and, as we have a quick and simple cancellation process, I am happy to address it here. First up, consider the following scenario at the point of cancellation:

Read More

POSITIVE TECHNOLOGIES PARTNERS WITH CRITICALBLUE

Mon 29 January 2018 By David Stewart

Category: News, Business, Mobile App Authentication

Happy to announce that we are partnering with the great people at Positive Technologies to provide comprehensive protection across both Mobile and Web Channels. See the full press release for details on the API security partners.

Read More

APPROOV IN PARALLEL WITH USER AUTHENTICATION

Mon 22 January 2018 By Jae Hossell

Category: Business, Mobile App Authentication, Bots

In my last post in this series, I introduced Approov, the app authentication solution, and described how it tackles the problem of API protection in a novel and proactive way. In this post, I want to focus on the reasons API publishers need app authentication as part of their mobile security defense, and specifically why it should work alongside user authentication. In our discussions with new customers we often find that we need to explain the difference between the two as well as the contributions that each one provides.

Read More

ARE YOU HUMAN, ROBOT OR JUST IMPATIENT?

Tue 28 November 2017 By Richard Taylor

Category: Integration, Business

Recently I was doing some API analysis on a video sharing app aimed at the teenage market. As is typical in these types of apps, before you can do anything you need to sign up with an account. You’d think that would be straightforward enough, right?

Read More

IF YOU CAN'T MAKE IT, FAKE IT

Wed 22 November 2017 By Shona Hossell

Category: Business, Mobile App Authentication, Bots, Threats

As many social media platforms continue to experience incredible growth in popularity, the supporting apps, and the APIs that service them, remain top targets for bad actors. The ability to communicate quickly and indirectly with the platforms’ vast user bases make them ideal for spreading malware, phishing attacks, or fake news. Networks of automated accounts, gaining artificial levels of popularity and influence are often used to instigate attacks and the recent admission by Facebook that Kremlin linked propaganda may have been seen by as many as 126 million users gives us some idea of the scale of the threat and the ambition of the attackers.

Read More

Page 1 of 2