API Security (2)

Alissa Knight released her report “Playing with FHIR” a couple of weeks ago (download it here) about her investigations into the security of healthcare apps and APIs which use the FHIR standard. This report has certainly sparked a lot of debate about the security of healthcare apps and a broader discussion about who is accountable for keeping patient data safe as the ecosystem expands. The bottom-line is that everyone in the healthcare ecosystem needs to take steps to shield their APIs immediately. Read Full Story

One of the key, if sometimes overlooked, features of Approov is its integrated support for dynamic certificate pinning. In this blog we explain how it works and its numerous advantages. Read Full Story

In this blog we introduce our new mobile certificate pinning configuration tool. This free web tool allows you to automatically generate the configuration required to pin your mobile app connections, providing an additional layer of security.  Read Full Story

Editor's note: This post was originally published in September 2021 in Threatpost. Data breaches and hacking put internet users at risk of account takeover, if cyber-criminals successfully gain access to valid login credentials. There are reckoned to be in excess of  8.4 million discrete passwords currently circulating online, over 3.5 billion of which are tied to active email addresses. Read Full Story

In this article, we’ll be looking at the role that mobile health or mHealth apps and Application Programming Interfaces (APIs) are playing in remote care of the elderly. We shall also consider the vulnerabilities that can afflict these digital platforms, as well as remedial measures and best practices for dealing with these issues. Read Full Story

Editor's note: This post was originally published in September 2021 in Threatpost. There are two essential elements driving progress in today's digital-first economy: Mobile applications and APIs. An API (Application Programming Interface) is software that allows applications to communicate and exchange data with each other.  Read Full Story

We have released a short video that demonstrates how fake apps can be used to commit fraud against your business and how Approov can help your organisation to fight back against these fake and/or repackaged apps. Read Full Story

The AWS API Gateway platform aims to act as the front gate for APIs hosted in AWS, on premise, or even in other cloud services. The fully managed platform allows developers to create, publish, maintain, monitor and secure APIs at any scale. Read Full Story

Editor's note: This post was originally published in July 2021 in ToolBox. Back in 2017, Gartner predicted that API abuse would be the most frequent attack vector for data breaches by 2022. Two years later, when exposed APIs already made up 40% of the attack surface for web-enabled applications, the research and advisory company estimated that figure to soar to 90% by 2021.  Read Full Story

Penetration testing (Pentesting) is a well understood process for validating network security. The requirements and desired outcomes have been developed over time and are generally clear. However the existence of a mobile channel changes the picture. In this article we tap into our experiences (good and bad) of working with pentesters to validate and verify the efficacy of our customers’ mobile business protection. Read Full Story