Posts Tagged: vulnerabilities

9 Questions for Top-Level API Security Auditing

One of the most important things any API developer can realize is the fact that, as a data handler, they have some of the most important legal and moral requirements towards their data subjects of any technically oriented organization.

The fact that consumers entrust developers with their data at all is predicated upon the idea that this data will be secured, that the API itself will be bolstered against attacks, and that the API provider is doing everything within their power to continually secure themselves against potential threats.

How to Safely Throttle High Traffic APIs

Too much traffic can be a dangerous thing. To many application developers, this seems like a good problem to have – traffic is exactly what you want for your service, so accordingly, the more the better. The simple truth is, however, that too much of a good thing can be very dangerous – and in the API space, this can have dramatic effects.

Don’t Let API Changes Hit You Like A Freight Train!

Most web applications, and many mobile applications, rely on third-party APIs such as social login, cloud storage, email, messaging, CRM, etc. The benefits are obvious, and for some applications the API integration is a core element. However, the API dependency does make applications more vulnerable to change — one small change to an API can break an entire app.

Review of Approov for Mobile API Security

Unfortunately, the reality of mobile apps is that at some point, someone is going to try to do something they’re not allowed to. Whether this is through brute-forcing keys, spoofing identities, or simply issuing distributed attacks across the application’s server dependencies, the threat to public-facing APIs in the mobile space is real, dangerous, and often inefficiently mitigated.

How Pokémon Go Fans Hacked ‘Em All: And How to Prevent Similar Reverse-Engineering

Every developer hopes for a huge user base with a large number of monthly users. People using an application to its potential in the thousands, if not hundreds of thousands, is a dream come true. Unfortunately for API services, with a greater deal of exposure comes a marked increase in vulnerability.