Shona Hossell

Approov Blog

Zero-Trust Alone Proves Inadequate for Securing APIs

April 18, 2023

The disclosure of three significant API security incidents in the first two months of 2023 serves as a reminder that, as the use of APIs continues to rise, so too does the number of API-related security breaches.

What is Runtime Application Self-Protection (RASP)?

April 6, 2023

Runtime Application Self-Protection (RASP) is a security technology that is designed to protect applications from attacks while the application is running. It works by embedding a security mechanism directly into the application, which allows it to monitor the application's behavior and detect and prevent malicious activities in real time.

Is Certificate Pinning Worth it?

November 24, 2022

In a word - yes; when implemented correctly, certificate pinning is an effective method for securing mobile application traffic by restricting the accepted certificates to just those you are willing to trust. In its most secure manifestation, this trust sits outside the standard TLS certificate store managed by the device.

Is API Authentication Secure?

August 23, 2022

API authentication is about proving that whoever is trying to access an API is who they say they are. This is sometimes confused with authorization, which is about proving that whoever is trying to access data via the API has the right to access that data. In this article we’ll discuss the main API authentication methods (HTTP basic authentication, API Keys and OAuth2) and whether they provide sufficient protection for your APIs.

Why Should You Keep Your API Key Secure?

July 12, 2022

Attacks against APIs are increasing and API key protection is central to minimizing your business risks. In this article we’ll look at what your exposures are and what you should do about them.

How Should API Keys be Stored?

June 27, 2022

Mobile app developers keep hearing that they shouldn’t store API keys in their app code but they don’t hear where they should store them. In this article we discuss the topic and provide some practical solutions.

If You Can't Make It, Fake It

November 22, 2017

As many social media platforms continue to experience incredible growth in popularity, the supporting apps, and the APIs that service them, remain top targets for bad actors. The ability to communicate quickly and indirectly with the platforms’ vast user bases makes them ideal for spreading malware, phishing attacks, or fake news. Networks of automated accounts, gaining artificial levels of popularity and influence, are often used to instigate attacks, and the recent admission by Facebook that Kremlin-linked propaganda may have been seen by as many as 126 million users gives us some idea of the scale of the threat and the ambition of the attackers.