Posts Tagged: Security

Review of Approov for Mobile API Security

Unfortunately, the reality of mobile apps is that at some point, someone is going to try to do something they’re not allowed to. Whether this is through brute-forcing keys, spoofing identities, or simply issuing distributed attacks across the application’s server dependencies, the threat to public-facing APIs in the mobile space is real, dangerous, and often inefficiently mitigated. Read more

How to Handle Batch Processing with OAuth 2.0

Recently on the Nordic APIs channel we’ve had a few people ask — how do you handle batch processes that are secured with OAuth 2.0? Batch requests are ones executed automatically or programmed to repeat recurringly.

Usually we use OAuth to confirm user identity for API calls, but the problem is that OAuth 2.0 isn’t really designed for batch processing. Read more

How Pokemon Go fans hacked 'em all hackers

How Pokémon Go Fans Hacked ‘Em All: And How to Prevent Similar Reverse-Engineering

Every developer hopes for huge user bases populated by large amounts of monthly users. People using an application to its potential in the thousands, if not hundreds of thousands, is a dream come true. Unfortunately for API services, with a greater deal of exposure comes a marked increase in vulnerability. Read more

Tips and Tools for Debugging APIs

Tips and Tools for Debugging APIs

Benjamin Franklin once famously said “in this world nothing can be said to be certain, except death and taxes”. For the software developer, the saying should be amended to read “except death and taxes — and software bugs.”

It’s an unfortunate fact that the very nature of software development, especially in the collaborative environments popular amongst coders and companies today, makes software bugs inevitable. Read more