Posts about

Reverse Engineering

Building Your Gold Standard For Account Access

February 16, 2021

In this article we are going to look at the key use cases you should consider around protecting access to your users’ accounts and what you should think about when building your gold standard security to protect them. Read Full Story

Man-in-the-Middle: Myths and Legends

January 6, 2021

Man-in-the-Middle (MitM), or more correctly Person-in-the-Middle, is the technique of inserting yourself into API traffic to observe or manipulate requests and transactions as they pass by. In this article we’ll look at how it’s done and what you should do to prevent it, exploding a few misapprehensions on the way. Read Full Story

Securing API Keys for Robust Mobile API Security

December 4, 2020

It’s been nearly half a decade since Gartner declared the API economy open, hailing it the enabler that could transform businesses into platforms. Since then, APIs have significantly evolved beyond their rather simple origins as middleware integration tools. Read Full Story

Root and Jailbreak - To Ban or Not to Ban?

November 4, 2020

Rooting Android phones and jailbreaking Apple phones are generally considered to be bad things to do and strong indicators of evil intent. In this article we will explore this position a little deeper and dig into the topic. We’ll discover that the truth is much more nuanced than that and one size does indeed not fit all. Finally we will propose the methodology you should consider when setting your security policies. Read Full Story

Securing Multiplayer Mobile Gaming Against Manipulation and Cyberthreats

August 25, 2020

Remember Pokémon Go, the location-based augmented reality mobile game from Niantic Labs that became an overnight global sensation when it launched in 2016? Well, the game has had a record 2019 having surpassed its launch year in revenues, announced a live AR multiplayer feature, and, on a slightly dissonant note, sued an “association of hackers” for creating and distributing unauthorized derivative versions of the company’s mobile apps. Around the launch, we’d covered some of the app-related issues in some detail, and here’s a quick recap of the situation as a prelude to multiplayer mobile gaming security in 2020. Read Full Story

Securing m-Commerce Apps

August 11, 2020

Anyone looking for a snapshot of how the COVID-19 pandemic is fuelling an e-commerce boom need look no further than Shopify’s recently released Q2 2020 financials. The platform witnessed a 71% jump in new store creation compared to the previous quarter this year. Every leading performance indicator was up in high double, or even triple, digits compared to Q2 2019 including sales (97%), gross merchandise volume (119%), merchant solutions revenue (148%), and adjusted per-share earnings (950%). Read Full Story

Quick Analysis: NHSX Contact Tracing App

May 11, 2020

When the NHSX contact tracing app was made available in the app stores last Thursday we decided to take a quick look at its operation and how the code has been put together. We used the Android version and the excellent MobSF tools to do our reversing analysis. On Friday the full source code of the app was also published on github.  Read Full Story

How to Protect Against Certificate Pinning Bypassing

October 15, 2019

In my previous article, we saw how to bypass certificate pinning within a device you control and, as promised, we will now see how you can protect yourself against such an attack. In this article you will learn how to use a mobile app attestation service to protect your API server from accepting requests that come from a mobile app where certificate pinning has been bypassed. This means that even though the attacker has bypassed the certificate pinning, he will not be able to receive successful responses from the API server. Instead, the server will always return 401 responses, thus protecting your valuable data from getting into the wrong hands. Read Full Story

Improve the Security of API Keys

July 24, 2019

Securely identify your API Caller Read Full Story