Posts about

Certificate Pinning

How Can I Protect My Mobile API?

May 26, 2022

As any mobile developer knows, APIs are the foundation of any mobile app strategy. They allow developers to quickly and efficiently access the data and functionality they need to build amazing apps. This article outlines a 5 step checklist to make sure your mobile platform is adopting best practice security. Read Full Story

What Are the Most Common Types of Mobile Man-in-the-Middle Attacks?

May 18, 2022

A Man-in-the-Middle attack can come in multiple forms. This article describes these and how you can mitigate such attacks. Read Full Story

What Does Certificate Pinning Protect Against?

May 17, 2022

Certificate pinning is a security measure that mobile app developers can use to improve the security of their apps. It ensures that your app only connects with a backend API via TLS if the presented certificate chain includes at least one certificate public key that is known to be trusted. This means that the app is not simply reliant on the contents of the trust store on its device, but also requires an additional level of verification. Read Full Story

How is Certificate Pinning Done?

May 17, 2022

Certificate Pinning is a security technique that involves binding a cryptographic certificate to a specific host or domain. This ensures that the app and server communications are protected from man-in-the-middle attacks. Developers can use Certificate Pinning to safeguard against malicious certificates and ensure that only certificates issued by a trusted Certificate Authority (CA) are accepted. When used correctly, Certificate Pinning can be an effective security measure.  Read Full Story

The Risks & Rewards of Travel by Mobile

May 12, 2022

    After a couple of false starts, we are finally emerging from behind the shadow of the Covid pandemic. Some businesses prospered explosively during it as people suddenly needed to access key services remotely, such as the fintech and healthcare sectors; others were forced to deal with an almost instant switch-off of commercial activity, for example the travel and tourism markets. In this article we will look at the travel sector and anticipate what kinds of security challenges might lie ahead as the market evolves and recovers. Read Full Story

Shielding APIs that Service Mobile Apps: Part 3 - How?

February 22, 2022

In the third part of this article series, we will look at the component parts of a shielding approach for APIs which service mobile apps and provide some guidance about what to consider when deploying a protective shield around your mobile business.  Read Full Story

Shielding APIs that Service Mobile Apps: Part 2 - What?

February 15, 2022

In the second part of this article series, we are going to explore what shielding of APIs connected to mobile apps actually means. To provide some context, we will also look at how the bad guys approach attacking the APIs that connect with your mobile apps. Read Full Story

Hacking Financial APIs - New Report, Familiar Results

January 20, 2022

Alissa Knight’s latest security research report “Scorched Earth” was recently released. In this blog we’ll look at 3 key themes from the report and the immediate mitigations that banks, crypto companies and fintechs should implement. Read Full Story

What is Bank-Grade Security and is it Enough for 2022?

December 8, 2021

Many digital companies describe their platforms as being protected by ‘bank-grade security’. In this article, we will examine what is meant by this term and whether or not you should be comforted by it. Read Full Story

FHIR API Security Research - 3 Immediate Actions For Mobile Healthcare Companies

November 22, 2021

Considering the recent “Playing with FHIR” research report together with the earlier “All that We Let In” research report (which looked at the state of mHealth app/API security), it would be understandable if healthcare organizations were unsure of what immediate actions they should take. In this article we will focus on healthcare service companies who have patient or clinician mobile apps, for whom we will recommend 3 immediate steps which should be taken today. Read Full Story