Broken Object Level Authorization (BOLA) is the #1 vulnerability in the OWASP API Security...
Stay up to date on Mobile App and API Security with our Blogs
Blogs on BOLA
Posts on
- API Security (154)
- Mobile App Authentication (93)
- Mobile App Development (82)
- Mobile Security (75)
- Threats (67)
- API Abuse (62)
- Mobile App Security (61)
- Integration (54)
- API Keys (51)
- API (48)
- MitM Attack (45)
- Bots (39)
- Business (38)
- Certificate Pinning (32)
- Reverse Engineering (31)
- Quickstart (23)
- Healthcare (21)
- TLS (21)
- Android (20)
- Backend (20)
- Repackaged Apps (20)
- Fintech (18)
- iOS (17)
- App Attestation (16)
- Mobile API Security (16)
- Scrapers (14)
- Mobility (13)
- RASP (12)
- News (9)
- Android Security (8)
- Fake Accounts (8)
- Third Party APIs (8)
- Zero Trust (8)
- Gaming and Gambling (7)
- API Gateway (6)
- Account Hijacking (6)
- Man-in-the-Middle attack (6)
- ReactNative (6)
- Run-time Secrets Protection (6)
- Automotive (5)
- HarmonyOS (5)
- Mobile Health (5)
- OAuth2 (5)
- Reverse Proxy (5)
- Apple (4)
- Code Obfuscation (4)
- Google (4)
- OWASP (4)
- Retail (4)
- Aggregators (3)
- CheatingAsAService (3)
- Mobile App Distribution (3)
- SafetyNet (3)
- Token-Based API Access (3)
- Web Security (3)
- gRPC (3)
- App Store (2)
- Cloud (2)
- Cordova (2)
- Cross-Platform (2)
- Huawei (2)
- Mobile Banking (2)
- Mobile Finance (2)
- Mobile Payment Security (2)
- Pentesting (2)
- SDLC (2)
- AWS (1)
- Account Takeover (1)
- App Shielding (1)
- BOLA (1)
- Connected Cars (1)
- Credential Stuffing (1)
- DMCC (1)
- Data Security (1)
- DeviceCheck (1)
- E-Commerce (1)
- Frida (1)
- Frontend (1)
- Google Play (1)
- Runtime Application Self-Protection (1)
- SDK (1)
- Smartphone Act (1)
- WAAP (1)
- WAF (1)
- over-the-air updates (1)
Popular Posts
- How to Bypass Certificate Pinning with Frida on an Android App
- How to Extract an API Key from a Mobile App by Static Binary Analysis
- Revealing the Limitations of Apple DeviceCheck and Apple App Attest
- How to MitM Attack the API of an Android App
- Why Does Your Mobile App Need an API Key?
- Securing HTTPS with Certificate Pinning on Android
- The Limitations of Google Play Integrity API (ex SafetyNet)
- 5 Threats to Mobile Games and 5 Essential Security Measures
- How Poor API Security Led to Major Breaches in 2024
- How to Protect Against Certificate Pinning Bypassing
- Limitations of Huawei HarmonyOS Safety Detect: What You Need to Know
- How to Use Code Obfuscation to Hide Secrets in Your Mobile App
- Steal That API Key with a Man in the Middle Attack
- How to Ride the Bus for Free (Hackers Need Not Apply)
- Epic Games Won Against Google but Lost to Apple - What are the Implications?