Jae Hossell

Approov is first and foremost an API protection solution for bot mitigation, securing mobile businesses against automated traffic and other attempts to gain unauthorized access to backend services, data and assets. However, while delivering this service Approov also gives valuable insight into the types and state of devices that are communicating with the protected services via the API. For example, do you know the proportion of connections coming from unauthorized software: bots, scripts, or repackaged apps? Do you know if your communications are being intercepted, if the mobile device is rooted/jailbroken, if your app is running in an emulator, if there is a debugger or framework attached, or even if your app is running in a cloned environment? Read on to find out you can get at these nuggets before the end of your free Approov trial. Read Full Story

Once you've started using Approov, we find it unlikely that you will want to cancel. However, it is a legitimate concern for potential users and, as we have a quick and simple cancellation process, I am happy to address it here. First up, consider the following scenario at the point of cancellation: Read Full Story

We recently agreed a custom Service Level Agreement(SLA) with one of our enterprise customers and one thing the process highlighted was that we don’t talk about Approov’s backend enough. In this post, I hope to remedy that slip by providing a brief overview while dwelling on the characteristics indicative of a quality cloud service. Read Full Story

In my last post in this series, I introduced Approov, the app authentication solution, and described how it tackles the problem of API protection in a novel and proactive way. In this post, I want to focus on the reasons API publishers need app authentication as part of their mobile security defense, and specifically why it should work alongside user authentication. In our discussions with new customers we often find that we need to explain the difference between the two as well as the contributions that each one provides. Read Full Story

An article on wired summarises 25 data breaches that made headlines during 2017. The implication in the article, and the general impression of those who take an interest, is that 2018 will bring more of the same in an ever accelerating trend of discovery and disclosure. The growth in attacks indicates that companies of all sizes should continually raise the defensive bar and Approov raises that bar significantly. In this short post I will provide a high-level view of what Approov does and how it works. Read Full Story

We’ve had some requests recently from customers for some examples to show how to use Approov tokens with an ASP.Net Core 2.0 back end. In this blog I’ll walk you through adding the check to a basic API. It’s really straight forward! Thanks to Jon Hilton for this great blog which formed the basis for this example. Read Full Story

So as I type this, while obsessively checking the server logs, and #awsoutage on twitter, I am reminded of the Benjamin Franklin quote: "By failing to prepare, you are preparing to fail". Currently Amazon Web Services (AWS) is suffering from an unspecified problem with S3, their Simple Storage Service. This is a place where companies store files and underpins a fair chunk of the internet. Lots of websites will host their content on S3 and many services depend upon it to a degree. AWS has a huge share of the cloud service market so any outage by them is a big deal. Read Full Story

Are you an API consumer? Or, in other words, do your mobile apps use external APIs to provide content and functionality that engages with and excites your customers? If so, how do you prevent bad actors from stealing, or otherwise misusing, your access permissions? API security is a major challenge today. Read Full Story