API Abuse through Mobile Apps: New Attacks, New Defenses

Posted in Presentations

Planning on introducing a mobile app into your product mix? Expect new attacks on your API infrastructure. Help ShipFast and ShipRaider battle for control of a driver delivery app by exploiting API keys, OAuth2 user authorization, TLS certificate pinning, HMAC call signing, app shielding/hardening, app attestation and more. Survey the unique challenges of API security with mobile clients.

Prerequisites: Understanding of basic API request/response operation in HTTP environments. Any exposure to REST, GraphQL, gRPC, streaming, or pub-sub communication is sufficient. Conceptual familiarity with user authentication, API keys, call authorization, and TLS concepts will help. Detailed understanding of Android, iOS, or backend server programming is NOT required.

Skip Hovsmith
Principal Engineer, CriticalBlue

Mobile & IoT Security, Identity, Hackers & Threats, DevSecOps & Application Security

mobile security, hackers & threats, endpoint security, authentication, application security
