Posts about

API Keys (4)

A Brief Introduction to Approov

January 19, 2018

An article on wired summarises 25 data breaches that made headlines during 2017. The implication in the article, and the general impression of those who take an interest, is that 2018 will bring more of the same in an ever accelerating trend of discovery and disclosure. The growth in attacks indicates that companies of all sizes should continually raise the defensive bar and Approov raises that bar significantly. In this short post I will provide a high-level view of what Approov does and how it works. Read Full Story

Whitelists & Indirection Go Together Like Chocolate and Peanut Butter

July 28, 2017

source: nourishmorelove Used properly, whitelisting is a simple and effective security tactic to minimize attack surfaces. If you’re not on the list, you don‘t get in. No exceptions. Smooth as chocolate. If it’s too easy for you to find and spoof a name on the list, use indirection to make it harder. Sticky as peanut butter. Together they taste great. Read Full Story

Help Your Mobile API Ecosystem to Flourish

July 5, 2017

(Image via http://maxpixel.freegreatpicture.com) The API for a service faces conflicting demands in order to deliver value to end users. It needs to be open to allow innovation by 3rd party app developers. This is necessary to meet niche customer needs and open new markets for your service beyond what an in house app development team could provide. Read Full Story

How Python Coders Tried to Kill my Supposedly Secure JavaScript API Service

June 15, 2017

One Developer's Bad Dream Disclaimer: No Python or JavaScript coders were harmed during the writing of this article. All actions involving coders were safely simulated and purely fictional. Read Full Story

Hands on Mobile API Security: Pinning Client Connections

May 31, 2017

Add TLS and Certificate Pinning While Removing Client Secrets The Hands On Mobile API Security: Get Rid of Client Secrets tutorial demonstrates how to improve API security by removing vulnerable API secrets from mobile apps. In the tutorial, you work with a simple photo client which requires an API key to access NASA’s picture of the day service. An API Proxy, introduced between your client and the picture service, removes the need for storing and protecting the API key on the client itself. Read Full Story

Hands on Mobile API Security - Using a Proxy to Protect API Keys

May 11, 2017

(UGC 12591: The Fastest Rotating Galaxy Known. Image Credit:NASA,ESA, Hubble) Read Full Story

Mobile API Security Techniques Part 3

March 7, 2017

Mobile apps commonly use APIs to interact with backend services and information. In 2016, time spent in mobile apps grew an impressive 69% year to year, reinforcing most companies' mobile-first strategies, while also providing fresh and attractive targets for cybercriminals. As an API provider, protecting your business assets against information scraping, malicious activity, and denial of service attacks is critical in maintaining a reputable brand and maximizing profits. Read Full Story

Mobile API Security Techniques Part 2

February 21, 2017

Mobile apps commonly use APIs to interact with backend services and information. In 2016, time spent in mobile apps grew an impressive 69% year to year, reinforcing most companies' mobile-first strategies, while also providing fresh and attractive targets for cybercriminals. As an API provider, protecting your business assets against information scraping, malicious activity, and denial of service attacks is critical in maintaining a reputable brand and maximizing profits. Read Full Story

Mobile API Security Techniques Part 1

January 24, 2017

Mobile apps commonly use APIs to interact with backend services and information. In 2016, time spent in mobile apps grew an impressive 69% year to year, reinforcing most companies mobile-first strategies, while also providing fresh and attractive targets for cybercriminals. As an API provider, protecting your business assets against information scraping, malicious activity, and denial of service attacks is critical in maintaining a reputable brand and maximizing profits. Read Full Story

API Key Security with Approov

December 20, 2016

Are you an API consumer? Or, in other words, do your mobile apps use external APIs to provide content and functionality that engages with and excites your customers? If so, how do you prevent bad actors from stealing, or otherwise misusing, your access permissions? API security is a major challenge today. Read Full Story