Approov API Protection

How to eliminate Man-in-the-Middle attacks completely from Mobile Apps and APIs

October 7th at 10am PST, 1pm EST, 6pm BST, 7pm CEST

Protecting the channel between your mobile apps and your APIs is critical, but there are different and sometimes conflicting views on how it should be done. One thing that is clear is that plain old TLS is not enough. We found that critical financial services and healthcare apps are still open to attack. Why is there no consensus on the right way to protect the API channel, and more importantly, is it possible to find a way forward and a set of best practices which you can implement in your organization? The good news is that we can make MitM attacks a thing of the past.

What you will learn:

  • The MitM attack surface - the risks of exposure and the challenges in protecting the channel from mobile app to API
  • To pin or not to pin? The pros and cons
  • Why mobile apps are different from browsers
  • Pinning certificates versus pinning public keys
  • The way forward: approaches to locking down the channel in a way that is easy to manage
  • Tools to help you set up and manage the security of the mobile channel to your APIs
Richard Taylor
Richard is co-founder and CTO of Approov. He manages the Approov engineering team and in that role, he is responsible for the design, technical architecture and operation of the service.
Skip Hovsmith
Skip heads the US team, and is based in California. His focus is on helping customers secure API usage between mobile apps and their backend services. He is a frequent speaker at mobile, API and security conferences.

Copyright © 2021 CriticalBlue, Ltd. All Rights Reserved.