API World -- PRO Stage 1

Wednesday, October 28, 2020

PRO SESSION (API): Mobile Client API Protection - More Than User Credentials
Skip Hovsmith
CriticalBlue, VP Americas and Principal Engineer

Planning on introducing a mobile app into your product mix? Expect fresh attacks on your API infrastructure. User credentials try to identify who is calling your API, but they are a frequent target for hackers. Often overlooked is the importance of identifying not just who, but what, is calling your API: is it your authentic, untampered app running in a clean and secure environment, or is it a fake app or malicious bot? Can a hacker get between the app and the API backend over an insecure channel? These techniques complement user authentication as well as AI and traditional backend protections to ensure your APIs are not being abused. We'll use the context of a ride-sharing app to show how layering just a few additional techniques bolsters both the strength and the determinism of your overall API security.