Approov, creators of advanced mobile app and API shielding solutions, today introduced Approov Runtime Secrets Protection, enabling comprehensive protection of the API credentials and secrets that are typically targeted by threat actors for malicious exploitation.
Recent breaches have highlighted the risk of stolen keys and secrets being exploited by hackers. It is clear that such secrets are not being effectively protected at rest and in transit, resulting in bad actors acquiring them and exploiting them to access APIs and applications.
The wide use of third-party APIs by mobile apps adds another dimension to the problem. Mobile app developers can suffer both financial losses and brand reputation damage if they are seen to be the cause of 3rd party app breaches or service disruptions caused by Distributed Denial of Service (DDoS) attacks using stolen secrets.
Recent research from Osterman Research illustrates the extent of the issue:
“Upcoming Osterman findings show that mobile apps depend on average on more than 30 third-party APIs, and that half of the mobile developers we surveyed are still storing API keys in the app code,” Michael Sampson, senior analyst at Osterman Research, said. “These two things together constitute a massive attack surface for bad actors to exploit. And third-party API threats against mobile apps aren’t as well understood by companies as they should be. The new functionality from Approov allows API keys to be managed and updated dynamically and ensures they are never extractable from the app. This is a major step forward in protecting APIs from abuse.”
Developers have frequently been urged not to store hard coded keys in a mobile app or device, but as the research shows this “best-practice” is not widespread, since up to now, there has been no easy way to conveniently store such secrets safely outside the app code.
Introducing Approov Runtime Secrets Protection: Just in Time Keys Secrets That Thwart Mobile API Attacks
This is why Approov is releasing new functionality in Approov 3.0 which addresses this issue by making management of API keys and other secrets easy and secure, at rest, or in transit.
Approov Runtime Secrets Protection manages and protects all the secrets a mobile app uses. The Approov cloud service delivers secrets “just-in-time” to the app only at the moment they are required to make an API call, and only when the app and its runtime environment has passed attestation. This ensures that sensitive API secrets are not being continuously stored or delivered to unsafe places, such as fake apps or into malicious hands.
All secrets are stored by the Approov cloud service and are easy to manage dynamically. If changes to these are needed, they are easily and immediately changed across all deployed apps, preventing abuse.
This approach marks a major improvement over keys that are hard coded in the app itself, because should those keys be “leaked” the app must be updated with an entirely new version – a process which is complex and time-consuming, and involves juggling new and old keys during the time it takes for the installed base to be transferred to the new version.
Upcoming Webinar
Join the live webinar from Approov on June 9th “Best Practices for Secure Access of 3rd Party APIs from Mobile Apps” which will discuss the reputational and financial risks associated with API use and how to mitigate those risks. Sign up here.
Pricing and Availability
The pricing of the Approov solution is designed to be completely aligned with your business growth, based on the number of genuine active apps in a monthly billing period. Approov 3.0 is available now.
HP Announces New Spectre And Envy Laptops
Posted in Commentary with tags HP on May 19, 2022 by itnerdHP Inc. today debuted its newest HP Spectre and HP Envy laptops built with the flexibility to create and live seamlessly in today’s hybrid world.
The last few years have seen the rise of the creator economy, introducing endless possibilities for people topursue their passions as a part-time or full-time opportunity. Sixty-eight percent of creators started or expanded their freelance business during the pandemic, with 98% of them monetizing their content creation part-time. These hustlers need tools that allow them to collaborate with others easily as 56% of creators feel less engaged with the speaker if their video is turned off. And performance equals productivity, which is why 60% of creators prize performance in a computer.
Create in a smooth, seamless, and collaborative way with the newest lineup of Spectre and Envy PCs. These devices are built with HP Presence and HP GlamCam to deliver amazing video and audio call experiences, with features like:
No matter what type of creator you are, performance is key. The newest Spectre and Envy PCs offer a wide range of options including processors, displays, and more to make sure your device fits how you want to use it. This includes:
Not only do creators need great battery lifeto power their creations, they also need all the tools at their disposal to extend the charge on their battery. Available on devices with Intel processors, HP offers intelligent power management features:
Creation isn’t just limited to one device.More than 60% of creators use more than two devices to create. And 60% said that computers can go from good to awesome through great software. The new Spectre and Envy devices all come with HP Palette pre-installed, a proprietary digital workspace to help simplify the creative flow and allows you for smooth cross-device collaboration.Find any face in photographs with HP PhotoMatch. Enjoy infinite, flexible sketching with Concepts. Drop anything to any device seamlessly, wirelessly with HP QuickDrop. Expand your workspace, connect to another device for more creative options with Duet for HP.
Today everybody is a creator, and HP has created the perfect device for you to create and collaborate that fits the way you work and play:
Sixty-six percent ofconsumers consider sustainability when they make a purchase and 81% expect to buy more environmentally friendly products over the next five years. Building on the world’s most sustainable PC portfolio, all of today’s announced PCs are crafted from recycled metal and ocean-bound plastics and are EPEAT® Gold Certified and ENERGY STAR® rated.
Leave a comment »