API Keys (2)

A common discussion that comes up with customers is how they should consider the security requirements of their mobile apps and of the APIs that service them. A recent incident involving Nissan provides a reminder of how easily best laid protections can unravel. Read Full Story

Man-in-the-Middle (MitM), or more correctly Person-in-the-Middle, is the technique of inserting yourself into API traffic to observe or manipulate requests and transactions as they pass by. In this article we’ll look at how it’s done and what you should do to prevent it, exploding a few misapprehensions on the way. Read Full Story

The Elixir programming language was created by Jose Valim in 2012 as a research project at Plataformatec, the company where he worked at the time. You can watch Elixir: The Documentary where he tells in the first person more about the motivations and reasons behind writing it. Read Full Story

The Python Django framework was created in the last quarter of 2003 by Adrian Holovaty and Simon Willison when they were working as Python developers at the Lawrence Journal-World newspaper, although it was only released in July 2005. Read Full Story

Python is a high-level and general-purpose programming language that is dynamically interpreted at runtime. Python was created by Guido van Rossum in the late 1980s but only released to the public in 1991, as a successor to the ABC programming language. Read Full Story

Read Full Story

  In my previous article, Using a Reverse Proxy to Protect Third Party APIs, I left you without a solution to secure the purple API key inside the mobile devices in the graphic above from being extracted by the bad guy wearing the orange hat. As promised I am going to show you in this article how you can implement a solution for it. Rather than securing the purple API key, wouldn’t it be better not to have it in the first place or at least to make sure that if it is extracted then it can’t be used at scale by malicious actors? Well that's what a Mobile App Attestation solution is for, and we will start this article by explaining what it is. Spoiler alert: it allows you to secure your API without needing to ship any type of secret inside your mobile app or, if you already have a secret in your mobile app, it allows you to ensure that the secret can’t be used to abuse your API. Read Full Story

In this article you will start by learning what Third Party APIs are, and why you shouldn’t access them directly from within your mobile app. Next you will learn what a Reverse Proxy is, followed by when and why you should use it to protect the access to the Third Party APIs used in your mobile app. Read Full Story

For zero trust mobile apps and APIs, credentials aren’t nearly enough. Read Full Story

Securely identify your API Caller Read Full Story