David Stewart

API abuse is a growing concern in today's digital landscape, with criminals finding new and innovative ways to exploit APIs for their own gain. According to a recent study by Salt Security, "malicious API attack traffic surged 117% over the past year, from an average of 12.22 million malicious calls per month to an average of 26.46 million calls." This article explores the topic as it relates to mobile centric businesses. Read Full Story

An API key is a token provided by a client when making API calls. It is used to authenticate and authorize access to specific resources. In this article, we answer the question, "Can I share my API key?" and provide some guidance on when it is appropriate to do so. Read Full Story

Gambling has come a long way since the days of visiting a bricks and mortar outlet and filling in some paperwork to bet on a small set of events and outcomes. Recent years have seen dramatic changes in this market. In this article we’ll look at how it has evolved and what the security implications are. Read Full Story

Google’s open source Flutter has quickly become one of the most popular development toolkits for building cross platform mobile applications. In this article we will examine what security is built-in to Flutter mobile apps and recommend additional layers which you may wish to consider for your mobile projects. Read Full Story

Editor's note: This post was originally published in September 2022 in IDG TECH(talk). Agentless security for mobile is an approach that promises businesses protection from attack without having to add any security related software into their mobile apps. In this article we will look at the pros and cons of adopting this approach compared to alternative mechanisms. Read Full Story

Spikes in the prices of fossil fuels have provided yet another incentive for consumers to move towards electric vehicles (EVs). Alongside that trend is the pressing requirement to have a charging infrastructure which provides enough capacity to satisfy this need. In this article we will explore how EV charging platforms are being architected and deployed while answering a question seldom asked - what security holes are being opened? Read Full Story

An API Gateway is a tool that manages APIs and API traffic. Essentially it sits between remote clients (servers, browsers, mobile apps) and backend services and is responsible for routing API requests in either direction to the right source. It provides a degree of protection out of the box and in this article we’ll examine how much security you’ll get from your API Gateway and what else might be needed to secure your data and services. Read Full Story

An API Gateway is a tool that manages APIs and API traffic. Essentially it sits between remote clients (servers, browsers, mobile apps) and backend services and is responsible for routing API requests in either direction to the right source. But how much security should you expect from an API Gateway? Read Full Story

In a previous article, we discussed “When do we add security into our app and onto our APIs?” The conclusion was to do it as soon as possible! That said, there are still choices to be made so in this article we explore how you should decide on appropriate protections for your mobile app and APIs. Read Full Story

API abuse, when the API is used in an unexpected way, is a growing problem in software development and one of the leading attack vectors cybercriminals exploit. According to a recent security research report that surveyed more than 200 enterprise security professionals, there was a 21.32% growth in malicious API call volume between December 2020 and December 2021. The same study also established that 95% of respondents had suffered an API security incident in the past year. Read Full Story