Mobile App Authentication

In a previous article, we discussed “When do we add security into our app and onto our APIs?” The conclusion was to do it as soon as possible! That said, there are still choices to be made so in this article we explore how you should decide on appropriate protections for your mobile app and APIs. Read Full Story

API abuse, when the API is used in an unexpected way, is a growing problem in software development and one of the leading attack vectors cybercriminals exploit. According to a recent security research report that surveyed more than 200 enterprise security professionals, there was a 21.32% growth in malicious API call volume between December 2020 and December 2021. The same study also established that 95% of respondents had suffered an API security incident in the past year. Read Full Story

As any mobile developer knows, APIs are the foundation of any mobile app strategy. They allow developers to quickly and efficiently access the data and functionality they need to build amazing apps. This article outlines a 5 step checklist to make sure your mobile platform is adopting best practice security. Read Full Story

Whether you are a brand new company bringing a mobile-centric digital service to market, or an established company introducing a new mobile offering, there will - hopefully - come a time when someone asks “When do we add security into our app and onto our APIs?” In this article we explore this question and provide some guidance on how to reach the right conclusion for your business. Read Full Story

    After a couple of false starts, we are finally emerging from behind the shadow of the Covid pandemic. Some businesses prospered explosively during it as people suddenly needed to access key services remotely, such as the fintech and healthcare sectors; others were forced to deal with an almost instant switch-off of commercial activity, for example the travel and tourism markets. In this article we will look at the travel sector and anticipate what kinds of security challenges might lie ahead as the market evolves and recovers. Read Full Story

In the third part of this article series, we will look at the component parts of a shielding approach for APIs which service mobile apps and provide some guidance about what to consider when deploying a protective shield around your mobile business.  Read Full Story

In the second part of this article series, we are going to explore what shielding of APIs connected to mobile apps actually means. To provide some context, we will also look at how the bad guys approach attacking the APIs that connect with your mobile apps. Read Full Story

In this series of articles, we are going to explore the why, what, how and when of shielding APIs that service mobile apps. Increasingly, mobile represents a special case when it comes to security and we will make the case for some explicit steps you should take if you are working within a company that relies on mobile apps to conduct its business. Read Full Story

As I explained in a previous blog about the FHIR API Research Alissa Knight recently completed, “Shift Left, but Shield Right” is a strategy Alissa recommends to address the issues she uncovered in the mobile apps she tested.  Read Full Story

Many digital companies describe their platforms as being protected by ‘bank-grade security’. In this article, we will examine what is meant by this term and whether or not you should be comforted by it. Read Full Story