Approov Serverless Reverse Proxy in the AWS API Gateway

Thu 27 February 2020 By Paulo Renato

Category: API Keys, Integration, Third Party APIs, API, API Security, Reverse Proxy, AWS

 

In my previous article, Using a Reverse Proxy to Protect Third Party APIs, I left you without a solution to secure the purple API key inside the mobile devices in the graphic above from being extracted by the bad guy wearing the orange hat. As promised I am going to show you in this article how you can implement a solution for it.

Rather than securing the purple API key, wouldn’t it be better not to have it in the first place or at least to make sure that if it is extracted then it can’t be used at scale by malicious actors? Well that's what a Mobile App Attestation solution is for, and we will start this article by explaining what it is. Spoiler alert: it allows you to secure your API without needing to ship any type of secret inside your mobile app or, if you already have a secret in your mobile app, it allows you to ensure that the secret can’t be used to abuse your API.

Read More

Using a Reverse Proxy to Protect Third Party APIs

Wed 12 February 2020 By Paulo Renato

Category: API Keys, Third Party APIs, API, API Abuse, API Security, Reverse Proxy

In this article you will start by learning what Third Party APIs are, and why you shouldn’t access them directly from within your mobile app. Next you will learn what a Reverse Proxy is, followed by when and why you should use it to protect the access to the Third Party APIs used in your mobile app.

Read More

STEAL THAT API KEY WITH A MAN IN THE MIDDLE ATTACK

Thu 04 April 2019 By Paulo Renato

Category: API Keys, Mobile App Authentication, Reverse Engineering, Third Party APIs, Mobile App Development

As I promised in my previous article, here it is the follow up article about performing a man in the middle (MitM) attack to steal an API key, and to follow this article you will need to become the man sitting in the middle of the actual channel, using mitmproxy to help you with the task of stealing the API key. Now it should be clear why MitM stands for man in the middle!

Read More

WHITELISTS AND INDIRECTION GO TOGETHER LIKE CHOCOLATE AND PEANUT BUTTER

Fri 28 July 2017 By Skip Hovsmith

Category: API Keys, Mobile App Authentication, Reverse Engineering, Third Party APIs

source: nourishmorelove

Read More

HELP YOUR MOBILE API ECOSYSTEM TO FLOURISH

Wed 05 July 2017 By Barry O'Rourke

Category: API Keys, Integration, Mobile App Authentication, Third Party APIs

(Image via http://maxpixel.freegreatpicture.com)

Read More

API KEY SECURITY WITH APPROOV

Tue 20 December 2016 By Jae Hossell

Category: API Keys, Third Party APIs

(Image by Magnus Hagdorn)

Read More

Page 1 of 1