API

Our Approov GRPC Quickstarts for Android/Java, iOS/Swift mobile clients and NodeJS server allow you to get up and running with Approov easily, whether you are building a new app or adapting an existing one to have an improved security posture. Read Full Story

One of the key, if sometimes overlooked, features of Approov is its integrated support for dynamic certificate pinning. In this blog we explain how it works and its numerous advantages. Read Full Story

In this blog we introduce our new mobile certificate pinning configuration tool. This free web tool allows you to automatically generate the configuration required to pin your mobile app connections, providing an additional layer of security.  Read Full Story

The AWS API Gateway platform aims to act as the front gate for APIs hosted in AWS, on premise, or even in other cloud services. The fully managed platform allows developers to create, publish, maintain, monitor and secure APIs at any scale. Read Full Story

Penetration testing (Pentesting) is a well understood process for validating network security. The requirements and desired outcomes have been developed over time and are generally clear. However the existence of a mobile channel changes the picture. In this article we tap into our experiences (good and bad) of working with pentesters to validate and verify the efficacy of our customers’ mobile business protection. Read Full Story

Approov is an API security solution used to verify that requests received by your API services originate from trusted versions of your apps. It provides a very strong indication that a request can be trusted. The core Approov product is targeted at mobile apps, however, we provide several integrations with 3rd party web protection solutions so that a single backend Approov check can be used to authorize API access whether it originates from your mobile or web app. Read Full Story

Approov API security solution is used to verify that requests received by your API services originate from trusted versions of your apps. It provides a very strong indication that a request can be trusted. The core Approov product is targeted at mobile apps, however, we provide several integrations with 3rd party web protection solutions so that a single backend Approov check can be used to authorize API access whether it originates from your mobile or web app.  Read Full Story

Approov is an API security solution used to verify that requests received by your API services originate from trusted versions of your apps. It provides a very strong indication that a request can be trusted. The core Approov product is targeted at mobile apps, however, we provide several integrations with 3rd party web protection solutions so that a single backend Approov check can be used to authorize API access whether it originates from your mobile or web app.  Read Full Story

The Azure API Management Platform aims to be the front door to APIs hosted in Azure, on premises, or even in other clouds. The managed platform allows developers to secure, monitor, transform and maintain APIs published through it, using the Azure portal or the Azure CLI. Read Full Story

In a previous article we learned how to perform a MitM attack on a mobile app that doesn’t employ certificate pinning as a mechanism of preventing such attacks. Today I will show how to use the Frida instrumentation framework to hook into the mobile app at runtime and instrument the code in order to perform a successful MitM attack even when the mobile app has implemented certificate pinning. Read Full Story