Posts about

Threats

Closing Both Web and Mobile Doors To Automated Traffic

March 16, 2021

In this article we will look at the challenges of making sure that bots and other automated traffic can’t gain access to your backend systems, no matter how they try. Most enterprises offer services through their website and their mobile app and both attack surfaces must be considered. Ensuring that both channels are properly defended will prevent DDoS, credential stuffing, data scraping and other fraudulent exploits from occurring. Read Full Story

Clubhouse Needs A Bouncer

February 26, 2021

Even if you only have a vague interest in app security I’m sure the recent furore around Clubhouse hasn’t escaped your attention. There is significant buzz around this invite-only iOS app. Enabling live audio chat rooms between participants, it sets the expectation that these interactions are somewhat private and certainly not recorded.  With big celebrity names such as Elon Musk, Kanye West and Oprah Winfrey as users there is a significant demand for a coveted invite. Read Full Story

Balancing Mobile App and API Protection

January 18, 2021

A common discussion that comes up with customers is how they should consider the security requirements of their mobile apps and of the APIs that service them. A recent incident involving Nissan provides a reminder of how easily best laid protections can unravel. Read Full Story

Man-in-the-Middle: Myths and Legends

January 6, 2021

Man-in-the-Middle (MitM), or more correctly Person-in-the-Middle, is the technique of inserting yourself into API traffic to observe or manipulate requests and transactions as they pass by. In this article we’ll look at how it’s done and what you should do to prevent it, exploding a few misapprehensions on the way. Read Full Story

Securing API Keys for Robust Mobile API Security

December 4, 2020

It’s been nearly half a decade since Gartner declared the API economy open, hailing it the enabler that could transform businesses into platforms. Since then, APIs have significantly evolved beyond their rather simple origins as middleware integration tools. Read Full Story

Root and Jailbreak - To Ban or Not to Ban?

November 4, 2020

Rooting Android phones and jailbreaking Apple phones are generally considered to be bad things to do and strong indicators of evil intent. In this article we will explore this position a little deeper and dig into the topic. We’ll discover that the truth is much more nuanced than that and one size does indeed not fit all. Finally we will propose the methodology you should consider when setting your security policies. Read Full Story

EETimes Talks Approov and Automotive

September 1, 2020

Approov is making rapid progress in the automotive sector, particularly in mobility businesses. The specific challenges in this market were the subject of an interview we did with EETimes. Read Full Story

What Can You Achieve In Your 30 Day Free Approov Trial?

August 3, 2020

Approov is first and foremost an API protection solution for bot mitigation, securing mobile businesses against automated traffic and other attempts to gain unauthorized access to backend services, data and assets. However, while delivering this service Approov also gives valuable insight into the types and state of devices that are communicating with the protected services via the API. For example, do you know the proportion of connections coming from unauthorized software: bots, scripts, or repackaged apps? Do you know if your communications are being intercepted, if the mobile device is rooted/jailbroken, if your app is running in an emulator, if there is a debugger or framework attached, or even if your app is running in a cloned environment? Read on to find out you can get at these nuggets before the end of your free Approov trial. Read Full Story

A Short Tour of the Approov Metrics

July 17, 2020

Approov API Threat Protection protects the APIs which service your mobile apps from abuse and fraud by unauthorized bad actors. We talk to customers about how Approov authenticates genuine mobile app instances without requiring hidden secrets or design decision making in the app. We discuss the simplicity of integrating it into your app and deploying it in production. We even talk about the scalability, redundancy and resilience built into the Approov cloud service. However, what we don’t talk enough about is our metrics, a required feature to monitor and manage your service. With this article, we will give our metrics the description they deserve. Read Full Story

Scanshake: Meeting the Need for Decentralised Contact Tracing

June 25, 2020

As we discussed in our previous blog, there is a strong argument to be made that Bluetooth Contact tracing is too Blue Sky. The technology has been overhyped, over promised and, in the UK at least , the delivery so bungled that public confidence has been completely undermined. In the meantime we are stepping back to manual contact tracing efforts, with privacy characteristics that don’t come anywhere close to the lofty aspirations of decentralised contact tracing apps. Read Full Story