Shielding APIs that Service Mobile Apps: Part 4 - When?

March 9, 2022

In the final part of this four part series, we’ll recommend what actions you should take and when you should take them in order to implement effective shielding of your mobile app and APIs it uses. Read Full Story

Approov GRPC Quickstarts

February 23, 2022

Our Approov GRPC Quickstarts for Android/Java, iOS/Swift mobile clients and NodeJS server allow you to get up and running with Approov easily, whether you are building a new app or adapting an existing one to have an improved security posture. Read Full Story

Shielding APIs that Service Mobile Apps: Part 3 - How?

February 22, 2022

In the third part of this article series, we will look at the component parts of a shielding approach for APIs which service mobile apps and provide some guidance about what to consider when deploying a protective shield around your mobile business.  Read Full Story

Shielding APIs that Service Mobile Apps: Part 2 - What?

February 15, 2022

In the second part of this article series, we are going to explore what shielding of APIs connected to mobile apps actually means. To provide some context, we will also look at how the bad guys approach attacking the APIs that connect with your mobile apps. Read Full Story

Shielding APIs that Service Mobile Apps: Part 1 - Why?

February 8, 2022

In this series of articles, we are going to explore the why, what, how and when of shielding APIs that service mobile apps. Increasingly, mobile represents a special case when it comes to security and we will make the case for some explicit steps you should take if you are working within a company that relies on mobile apps to conduct its business. Read Full Story

Hacking Financial APIs - New Report, Familiar Results

January 20, 2022

Alissa Knight’s latest security research report “Scorched Earth” was recently released. In this blog we’ll look at 3 key themes from the report and the immediate mitigations that banks, crypto companies and fintechs should implement. Read Full Story

Shift Left but Shield Right - and what are the options?

January 17, 2022

As I explained in a previous blog about the FHIR API Research Alissa Knight recently completed, “Shift Left, but Shield Right” is a strategy Alissa recommends to address the issues she uncovered in the mobile apps she tested.  Read Full Story

Shift Left but Shield Right - but what does that mean?

January 12, 2022

We sponsored a major report “Playing with FHIR” by Alissa Knight, released in October 2021 (download it here) which investigated the security of mobile healthcare apps and APIs which use the FHIR standard. This report has certainly sparked a lot of debate about the security of healthcare apps and a broader discussion about who is accountable for keeping patient data safe as the ecosystem expands.  Read Full Story

What is Bank-Grade Security and is it Enough for 2022?

December 8, 2021

Many digital companies describe their platforms as being protected by ‘bank-grade security’. In this article, we will examine what is meant by this term and whether or not you should be comforted by it. Read Full Story

How to Defend against App Impersonation in 2022

November 25, 2021

Editor's note: This post was originally published in November 2021 in ThreatPost Most users who install applications through legitimate channels such as Google's Play Store or the Apple Store do so with complete trust that their information is safe from malicious attacks. This makes sense because they're the official app stores across the globe.  Read Full Story