Posts about


42Crunch and CriticalBlue Announce Partnership

November 23, 2018

Joint solution to ensure APIs are built correctly and used legitimately.

API Abuse in 2017 (Part 3)

February 19, 2018

Two particularly challenging forms of API abuse are Aggregation and Cheating as a Service. In both these cases your own users are enabling and sometimes funding the individuals and organizations abusing your APIs.

API Abuse in 2017 (Part 2)

February 13, 2018

Our first batch of business level attacks are Data Scrapers and Account Hijack. We also take a look at the lucrative business of Fake Account Factories.

API Abuse in 2017 (Part 1)

February 9, 2018

2017 has seen our customers tackling a wide range of abuse and misuse of their Mobile APIs. We are seeing multiple approaches where the business process transparency provided by APIs has resulted in exploitation. Time for a retrospective...

"What if I Want to Cancel?"

February 1, 2018

Once you've started using Approov, we find it unlikely that you will want to cancel. However, it is a legitimate concern for potential users and, as we have a quick and simple cancellation process, I am happy to address it here. First up, consider the following scenario at the point of cancellation:

Positive Technologies Partners with CriticalBlue

January 29, 2018

Happy to announce that we are partnering with the great people at Positive Technologies to provide comprehensive protection across both Mobile and Web Channels. See the full press release for details on the API security partners.

Approov in Parallel With User Authentication

January 22, 2018

In my last post in this series, I introduced Approov, the app authentication solution, and described how it tackles the problem of API protection in a novel and proactive way. In this post, I want to focus on the reasons API publishers need app authentication as part of their mobile security defense, and specifically why it should work alongside user authentication. In our discussions with new customers we often find that we need to explain the difference between the two as well as the contributions that each one provides.

Are You Human, Robot or Just Impatient?

November 28, 2017

Recently I was doing some API analysis on a video sharing app aimed at the teenage market. As is typical in these types of apps, before you can do anything you need to sign up with an account. You’d think that would be straightforward enough, right?

If You Can't Make It, Fake It

November 22, 2017

As many social media platforms continue to experience incredible growth in popularity, the supporting apps, and the APIs that service them, remain top targets for bad actors. The ability to communicate quickly and indirectly with the platforms’ vast user bases makes them ideal for spreading malware, phishing attacks, or fake news. Networks of automated accounts, gaining artificial levels of popularity and influence, are often used to instigate attacks, and the recent admission by Facebook that Kremlin-linked propaganda may have been seen by as many as 126 million users gives us some idea of the scale of the threat and the ambition of the attackers.

CriticalBlue’s Approov Chosen by Nimses to Protect Their Next Generation Social Media Platform

October 31, 2017

SAN JOSE, CALIFORNIA, USA, October 31, 2017 -- CriticalBlue, provider of the award-winning Approov mobile API protection solution, today announced the successful deployment of Approov within the Nimses social media platform. Fast-growing mobile businesses are an attractive target for bad actors who will attack the rich APIs between mobile apps and enterprises’ backends to attempt exploits such as scraping of competitive data, fake account onboarding, fraud, DDoS and account takeover. Time and again, basic encryption and embedded secrets in mobile apps have proven to be insufficient barriers against these automated scripts and hackers.