Preventing Mobile App and API Abuse

Thu 21 March 2019 By Skip Hovsmith

Category: TLS, Android, iOS, Mobile App Authentication, OAuth2, API, Mobile App Development

 

How to Pin Mobile gRPC Channels

Mon 04 March 2019 By Skip Hovsmith

Category: TLS, Android, API, Mobile App Development, gRPC

Last-mile Security for gRPC-connected mobile APIs


Strengthen TLS in React Native Through Certificate Pinning - iOS Edition

Fri 30 November 2018 By Skip Hovsmith

Category: TLS, ReactNative, iOS

Enhance React Native’s networking API protection on Android and iOS without touching your JavaScript code or manually editing the native code projects.

The first edition of this article implemented TLS certificate pinning for React Native apps on Android. Since then, the react-native-cert-pinner package has been enhanced to support pinning on iOS devices, and this edition of the post walks through the previous example for iOS. 


A TOUR OF API UNDERPROTECTION

Tue 03 April 2018 By Skip Hovsmith

Category: API Keys, Integration, TLS

AN OWASP APPSEC CALIFORNIA 2018 TALK

The fifth annual OWASP AppSec California was held in late January 2018 on the beach in Santa Monica. AppSec California is organized and run by an all-volunteer staff, and they put on a great conference — highly recommended. Besides excellent content and a chance to interact with many interesting colleagues, who wouldn’t want to hang out on the beach for a few days?


PRACTICAL API SECURITY WALKTHROUGH — PART 4

Thu 18 January 2018 By Simon Rigg

Category: Integration, TLS, Mobile App Authentication, Repackaged Apps, A Series - ShipFast

Welcome back! This is the fourth and final part of a mini-series which uses a fictional product, “ShipFast”, to walk you through the process of defending against various exploits in a mobile application which are used to gain access to data on a remote server, allowing real users of the system to gain an unfair business advantage at the expense of the company.


PRACTICAL API SECURITY WALKTHROUGH — PART 3

Wed 17 January 2018 By Simon Rigg

Category: Integration, TLS, Mobile App Authentication, Repackaged Apps, A Series - ShipFast

Welcome back! This is the third part of a mini-series which uses a fictional product, “ShipFast”, to walk you through the process of defending against various exploits in a mobile application which are used to gain access to data on a remote server, allowing real users of the system to gain an unfair business advantage at the expense of the company.


PRACTICAL API SECURITY WALKTHROUGH — PART 2

Tue 16 January 2018 By Simon Rigg

Category: Integration, TLS, Mobile App Authentication, Repackaged Apps, A Series - ShipFast

Welcome back! This is the second part of a mini-series which uses a fictional product, “ShipFast”, to walk you through the process of defending against various API security exploits in a mobile application which are used to gain access to data on a remote server, allowing real users of the system to gain an unfair business advantage at the expense of the company.


PRACTICAL API SECURITY WALKTHROUGH — PART 1

Fri 12 January 2018 By Simon Rigg

Category: Integration, TLS, Mobile App Authentication, Repackaged Apps, A Series - ShipFast

Welcome! A quick question: Do you know what’s using your API? Really?


STRENGTHENING OAUTH2 FOR MOBILE

Wed 03 January 2018 By Skip Hovsmith

Category: TLS, Mobile App Authentication, OAuth2


TOUGHEN UP SOFT CERTIFICATE PINNING WITH APPROOV

Thu 14 December 2017 By Barry O'Rourke

Category: Integration, TLS

“DevOps just mailed to say they will rotate the certificates on all of the endpoints today,” mentioned the Engineering Manager at one of our customers, “that’s unexpected, I wonder what happened.”
