THE TOP 6 MOBILE API PROTECTION TECHNIQUES - ARE THEY ENOUGH?

Sat 22 December 2018 By Paulo Renato

Category: API Keys, Mobile App Authentication, Scrapers, Bots, Threats

APIs are a necessary and central part of the strategy of any digital business that wants to stay competitive and monetize its assets. Additionally, end users’ form factor of choice when using digital services is now firmly mobile. The trend towards APIs and mobile devices has moved the attack surface in a significant way and digital businesses must adapt and evolve their security policies accordingly.

Read More

API ABUSE IN 2017 (PART 2)

Tue 13 February 2018 By Barry O'Rourke

Category: Business, Account Hijacking, Fake Accounts, Scrapers, Threats, A Series - API Abuse

Our first batch of business level attacks are Data Scrapers and Account Hijack. We also take a look at the lucrative business of Fake Account Factories.

Read More

A BRIEF INTRODUCTION TO APPROOV

Fri 19 January 2018 By Jae Hossell

Category: API Keys, Mobile App Authentication, Scrapers, Repackaged Apps

An article on wired summarises 25 data breaches that made headlines during 2017. The implication in the article, and the general impression of those who take an interest, is that 2018 will bring more of the same in an ever accelerating trend of discovery and disclosure. The growth in attacks indicates that companies of all sizes should continually raise the defensive bar and Approov raises that bar significantly. In this short post I will provide a high-level view of what Approov does and how it works.

Read More

SWIPE LEFT TO SCRAPE

Tue 02 May 2017 By Richard Taylor

Category: Scrapers, Bots, Threats

Yesterday morning security forums reported news that an AI researcher had published a dataset of 40,000 photos that had been scraped from the dating app Tinder. The purpose was simply to extract a real world data set that can be used for training Convolutional Neural Networks (CNN) to tell the difference between men and women. This seems innocent enough, although the author's choice of variable naming caused a bit of a stir. He quickly changed the variable name "hoe" to "subject" soon after the story broke. Apparently this original naming was inherited from the Tinder Auto-Liker code.

Read More

SIMPLE APP AUTHENTICATION

Mon 26 September 2016 By Johannes Schneiders

Category: API Keys, Mobile App Authentication, Scrapers, Bots, Reverse Engineering

Suppose your mobile app relies on a back-end server that holds sensitive data or just data that you do not want to be manipulated or copied freely. You trust your own app to do everything right, but what about bots exploiting your API or if someone steals and subverts your app?

Read More

BOT MITIGATION CHALLENGES IN THE MOBILE WORLD

Tue 09 August 2016 By Richard Taylor

Category: Scrapers, Bots

Bots are everywhere, crawling all over the internet. Some are good, cataloguing websites and enabling you to search for pictures of cats with ease. Others are all about information gathering, theft and fraud, are known as API abuse, and are bad news. More and more time is being spent accessing the Internet from mobile devices, and apps are becoming increasingly important as the software performing this access. Apps are a new and challenging arena for existing bot mitigation techniques and attackers are starting to shift their focus from the mobile web channel to mobile apps to try and circumvent current protection mechanisms.

Read More

Page 1 of 1