TOUGHEN UP SOFT CERTIFICATE PINNING WITH APPROOV

Thu 14 December 2017 By Barry O'Rourke

Category: Integration, TLS

"Devops just mailed to say they will rotate the certificates on all of the endpoints today," mentioned the Engineering Manager at one of our customers. That’s unexpected, I wonder what happened.


ADDING OAUTH2 TO MOBILE ANDROID AND IOS CLIENTS USING THE APPAUTH SDK

Mon 23 October 2017 By Skip Hovsmith

Category: TLS, Mobile App Authentication, OAuth2

OAuth2, often combined with OpenID Connect, is a popular authorization framework that enables applications to protect resources from unauthorized access. It delegates user authentication to an authorization service, which then authorizes third-party applications to access the protected resources on the user’s behalf. OAuth2 provides authorization flows for both web and mobile applications.


THE PROBLEM WITH PINNING

Thu 13 July 2017 By Barry O'Rourke

Category: Integration, TLS, Mobile App Authentication

Certificate or Public Key Pinning is an extension to TLS that is highly effective for bot mitigation by protecting the HTTPS connection between your app and API from snooping by third parties (otherwise known as a Man-in-the-Middle attack). The technique makes use of the TLS protocol, which requires the server to provide a certificate containing its public key. If the client has a copy of the expected certificate (or just the public key) and checks for a match before completing the TLS handshake, then the client is considered pinned to the server.


HANDS ON MOBILE API SECURITY: PINNING CLIENT CONNECTIONS

Wed 31 May 2017 By Skip Hovsmith

Category: API Keys, Integration, TLS

ADD TLS AND CERTIFICATE PINNING WHILE REMOVING CLIENT SECRETS


HANDS ON MOBILE API SECURITY - USING A PROXY TO PROTECT API KEYS

Thu 11 May 2017 By Skip Hovsmith

Category: API Keys, Integration, TLS

(UGC 12591: The Fastest Rotating Galaxy Known. Image Credit: NASA, ESA, Hubble)
