Upwardly Mobile - API & App Security News

  • Author: Approov Limited
  • Podcast

  • Summary

  • Dive into the high-stakes world of mobile app development and API security with Upwardly Mobile, your ultimate guide to defending apps in today’s volatile digital landscape. Hosted by Skye Macintyre and George McGregor, and proudly sponsored by Approov, the leaders in mobile app attestation and API security, this podcast unpacks the evolving threats and innovative solutions shaping mobile security. Explore why the built-in protections from tech giants like Apple, Google, and Huawei often fall short, leaving sensitive data vulnerable. Learn how advanced techniques—like runtime attestation and dynamic API security—thwart attackers and secure your app ecosystem. Each episode delivers insights into major data breaches, emerging trends, and actionable strategies to fortify your apps and APIs against ever-advancing cyber threats. From development best practices to navigating compliance and regulation, Upwardly Mobile equips mobile developers, security professionals, and tech enthusiasts with the knowledge to safeguard their creations. Stay informed, stay secure, and stay ahead with expert guidance on the future of mobile cybersecurity. Subscribe now on Spotify and Apple Podcasts, and elevate your security game!
    2024 Approov Limited

Episodes
  • Quokka: Mobile App Security Intelligence for Risk-Based Decisions
    2025/02/23
    In this episode, we explore how Quokka and Approov provide complete protection for mobile apps and APIs throughout the Software Development Lifecycle (SDLC). Learn how to scan your app using Quokka to quickly identify vulnerabilities and inject security into the development process. Discover how Approov adds Zero Trust protections against runtime attacks and gains continuous visibility to new threats.

    Key Discussion Points:
    • The mobile threat landscape: Mobile apps are critical for businesses, but they are vulnerable to analysis, cloning, and hacking, which can lead to financial transaction interception, credential theft, and API targeting. Current security approaches are insufficient, leaving gaps for attackers to exploit.
    • Quokka's Mobile App Security Testing (MAST) Capabilities:
    ◦ Offers comprehensive app analysis including static (SAST), dynamic (DAST), interactive (IAST), and forced-path execution app analysis.
    ◦ Scans apps quickly, even without source code, and works with the latest OS versions.
    ◦ Reports vulnerabilities to specific library versions using SBOMs.
    ◦ Validates apps against security and privacy standards like NIAP, NIST, and MASVS.
    • Approov's Runtime App and API Security (RASP) Capabilities:
    ◦ Provides defence against runtime threats by validating each API request and checking for app modifications.
    ◦ Offers dynamic protection and delivery of API keys and secrets at runtime.
    ◦ Protects against fake and modified apps with runtime app attestation and authentication.
    ◦ Detects runtime tampering, including jailbroken/rooted devices.
    ◦ Blocks bots and fake apps from accessing APIs.
    • Eliminating API Keys and Secrets:
    ◦ Quokka scans can identify exposed API keys or secrets in code.
    ◦ Approov can remove these API keys from the code by delivering them just in time to verified apps and devices.
    ◦ This "easy win" radically improves your security profile.
    • Continuous Feedback Loop: Quokka and Approov create a dynamic feedback loop between testing and runtime validation, protecting applications throughout their lifecycle. Approov provides real-time intelligence on device, app, and man-in-the-middle attacks, which can be fed back into the SDLC.
    Actionable Insights:
    • Perform an initial Quokka scan to identify vulnerabilities.
    • Implement Approov to remove exposed API keys and provide runtime protection.
    • Use the insights from Approov to improve security in earlier stages of development.
    • Integrate Quokka into CI/CD and DevSecOps tools.
    Keywords:
    Mobile app security, API security, runtime protection, MAST, RASP, Quokka, Approov, zero-day vulnerabilities, SDLC, DevSecOps, API keys, secrets management, mobile threat landscape, app attestation, runtime tampering, SBOM, security standards, data privacy.

    Relevant Links:
    • Quokka Solutions: https://www.quokka.io/solutions/mobile-app-security
    • Approov: https://approov.io
    • Quokka Q-mast Mobile Application Security Testing: https://www.quokka.io/products/q-mast
    • Solution Brief - Quokka MAST with Approov RASP: https://info.approov.io/hubfs/White%20Paper/Landscape%20Approov%20Quokka%20Solution%20Brief%20v1.0c.pdf

    Sponsor:
    This episode is brought to you by Approov, the leader in runtime app and API protection. Approov ensures that only genuine and unmodified apps can access your APIs, preventing fraud and protecting your valuable data. Visit https://approov.io to learn more.
    12 min
  • Zero Trust for Mobile Healthcare: Protecting ePHI on Personal Devices
    2025/02/19

    The proposed updates to the HIPAA Security Rule aim to address specific cybersecurity threats related to mobile devices and applications that access electronic protected health information (ePHI).

    These threats include:
    • Cloned/modified apps: Addressing the risk of fake apps that can download malware, viruses, or steal credentials to access backend systems. App attestation is suggested as a way to verify that apps accessing ePHI are genuine and unmodified.
    • Device manipulation: Providing run time protection against device manipulation, where hackers can jailbreak or root devices and use tools to steal data or modify app operations. The proposal suggests continuous scanning for problematic software and real-time reporting of device environment states, with the ability to block requests from compromised devices.
    • Man-in-the-middle attacks: Protecting against the interception and manipulation of mobile device communications to steal sensitive information. The proposal suggests the implementation of dynamic pinning on all communication channels used by healthcare apps, including to third-party APIs, as well as blocking tools that enable trust store manipulation or MitM attacks.
    • API secret protection: Preventing hackers from using weaponized mobile apps to scale up attacks on critical APIs by stealing API keys. The proposal suggests that API keys for accessing ePHI APIs should never be stored in mobile app code, but delivered only as needed to verified apps via attestation.
    • Identity exploits: Protecting against identity theft and credential stuffing attacks by using app and device attestation at run time for zero-trust protection. The proposal suggests tracking signs of identity abuse as a requirement for run time security monitoring.

    Breach readiness and service continuity: Encouraging organisations to prepare for potential security incidents with protocols for addressing breaches, such as revoking access, quarantining affected systems and conducting investigations. It suggests that Incident Response plans should extend to third-party breaches and highlight the management of API Keys and certificates.

    Relevant links for the podcast:
    • Approov Limited:
    ◦ Website: www.approov.io
    • OWASP MASVS (Mobile Application Security Verification Standard): Provides guidelines for mobile app security
    • NIST (National Institute of Standards and Technology): Cited in the context of incident response plans
    • HHS 405(d) Program: Offers health industry cybersecurity practices
    • Federal Trade Commission (FTC): Provides a guide for business security
    • Department of Health and Human Services (HHS): Offers Cybersecurity Performance Goals (CPGs)
    • ONC Health IT Certification Program: Maintained by the Assistant Secretary for Technology Policy and Office of the National Coordinator for Health Information Technology (ASTP/ONC)
    • Regulations.gov: For the plain-language summary of the proposed rule and posted comments:
    ◦ Go to https://www.regulations.gov and search for Docket ID number HHS-OCR-0945-AA22.
    13 min
  • HarmonyOS Next: A True Android Alternative?
    2025/02/16
    Episode Notes: This episode explores Huawei's HarmonyOS, including the distinctions between traditional HarmonyOS and HarmonyOS NEXT. We discuss system architecture, performance enhancements, user experience, and security features. The episode further examines HarmonyOS in comparison to GMS Android and Non-GMS Android, focusing on compatibility and security issues. We also investigate the limitations of Huawei's HarmonyOS Safety Detect and compare it with mobile app security solutions like Approov.
    • We define GMS Android as devices with pre-installed Google Mobile Services, offering access to the Google Play Store and a vast app ecosystem.
    • Non-GMS Android devices lack Google services and rely on alternative app stores.
    • HarmonyOS is Huawei's operating system designed for a unified experience across devices.
    • HarmonyOS Next features a microkernel architecture, emphasizing performance and security.
    • HarmonyOS Safety Detect provides security features for app developers within the Huawei ecosystem.
    The episode also covers:
    • Performance enhancements in HarmonyOS NEXT, including a 30% increase in device fluency and a 10.7% boost in native performance.
    • The Star Shield architecture in HarmonyOS NEXT, which provides system-level protection against vulnerabilities.
    • Limitations of HarmonyOS Safety Detect, including its focus on the Huawei ecosystem and the need for broader security measures.
    Source Materials:
    • Comparing HarmonyOS NEXT to Traditional HarmonyOS: Features and Performance
    • Comparison of Mobile Operating Systems: GMS Android, Non-GMS Android, HarmonyOS, and HarmonyOS Next
    • Limitations of Huawei HarmonyOS Safety Detect
    20 min

Listener reviews for Upwardly Mobile - API & App Security News
