Posts about Certificate Pinning

FHIR API Security Research - 3 Immediate Actions For Mobile Healthcare Companies

November 22, 2021

Considering the recent “Playing with FHIR” research report together with the earlier “All that We Let In” research report (which looked at the state of mHealth app/API security), it would be understandable if healthcare organizations were unsure of what immediate actions they should take. In this article we will focus on healthcare service companies who have patient or clinician mobile apps, for whom we will recommend 3 immediate steps which should be taken today.

How Certificate Pinning Helps Thwart Mobile MitM Attacks

November 9, 2021

Editor's note: This post was originally published in November 2021 in Cyber Defense Magazine. The massive deployment of mobile apps is presenting new attack surfaces to bad actors and the API channel between the apps and backend services is one of the 5 defined attack surfaces in the ecosystem. In this article we will explore the challenges of defending this channel and outline some practical steps you can take to put immediate protection in place.

Approov Dynamic Certificate Pinning

September 30, 2021

One of the key, if sometimes overlooked, features of Approov is its integrated support for dynamic certificate pinning. In this blog we explain how it works and its numerous advantages.

Our Certificate Pinning Configuration Tool

September 30, 2021

In this blog we introduce our new mobile certificate pinning configuration tool. This free web tool allows you to automatically generate the configuration required to pin your mobile app connections, providing an additional layer of security.

How to Bypass Certificate Pinning with Frida on an Android App

May 4, 2021

In a previous article we learned how to perform a MitM attack on a mobile app that doesn’t employ certificate pinning as a mechanism of preventing such attacks. Today I will show how to use the Frida instrumentation framework to hook into the mobile app at runtime and instrument the code in order to perform a successful MitM attack even when the mobile app has implemented certificate pinning.

Closing Both Web and Mobile Doors To Automated Traffic

March 16, 2021

In this article we will look at the challenges of making sure that bots and other automated traffic can’t gain access to your backend systems, no matter how they try. Most enterprises offer services through their website and their mobile app and both attack surfaces must be considered. Ensuring that both channels are properly defended will prevent DDoS, credential stuffing, data scraping and other fraudulent exploits from occurring.

Building Your Gold Standard For Account Access

February 16, 2021

In this article we are going to look at the key use cases you should consider around protecting access to your users’ accounts and what you should think about when building your gold standard security to protect them.

Approov Xamarin QuickStart

July 29, 2020

Xamarin is a very popular framework for building cross platform apps using C#. Microsoft offers full support for inclusion of native iOS or Android libraries and an excellent IDE, Visual Studio, making Xamarin an ideal cross platform mobile app development solution. You shouldn’t need to compromise on security just because you are using a higher level framework rather than developing native apps. Our Xamarin Quickstart guide allows you to easily get up and running with Approov, whether you are building a new app or adapting an existing one to have an improved security posture.

Security Key to mHealth Success

July 23, 2020

In 2016, mHealth apps were the third fastest-growing category of apps behind games and utilities. In 2017, the number of healthcare applications available for smartphone users doubled from that of 2015 to 325,000, from 84,000 different publishers, with an estimated 3.7 billion downloads that year. By 2018, nearly a third of all patients were using their mobile phone for health-related searches and for booking appointments, an overwhelming 99% of consumers believed that mHealth apps improved their quality of life and 70% of millennials were interested in a mobile app that would help them actively manage their well-being. By 2027, mHealth app usage among patients is projected to grow at a 10-year CAGR of 40%.

A Short Tour of the Approov Metrics

July 17, 2020

Approov API Threat Protection protects the APIs which service your mobile apps from abuse and fraud by unauthorized bad actors. We talk to customers about how Approov authenticates genuine mobile app instances without requiring hidden secrets or design decision making in the app. We discuss the simplicity of integrating it into your app and deploying it in production. We even talk about the scalability, redundancy and resilience built into the Approov cloud service. However, what we don’t talk enough about is our metrics, a required feature to monitor and manage your service. With this article, we will give our metrics the description they deserve.