Promon Launches App Attestation, the Security Solution Safeguarding Against API Injection Attacks
The latest addition to Promon SHIELD™ will provide a robust defense to organizations’ API ecosystems, securing their applications against an increasing number of API-based threats
OSLO, 6 JUNE 2023 – Promon (www.promon.co), the leading provider of application shielding technology, today announces the launch of Promon SHIELD™ App Attestation to help businesses verify the integrity and authenticity of mobile applications accessing their Application Programming Interfaces (APIs), the set of rules and protocols that allows different software applications to interact.
The rapid growth of APIs, driven by increased digital connectivity and integration demands, has introduced escalating security concerns. Cyber attackers can abuse API calls using fake apps or compromised devices, leading to unauthorized data access, malicious code injection, system disruptions, and even man-in-the-middle attacks. Thus, it is crucial to ensure that APIs are used exclusively by intended endpoint applications under strict adherence to proper security policy checks.
Hybrid applications make it vital to have only trusted sources accessing your APIs. Doing so not only ensures the data being transmitted between the mobile app and backend systems remains secure and confidential but also protects against malicious activity and ensures regulatory compliance.
Moreover, unlike the ‘static’ attestation approach used by Apple and Google, which is limited to session-based verification typically at launch, Promon SHIELD™ App Attestation is transaction-based and validates continuously, on demand. As a result, the integrity and authenticity of the app are verified in real-time, providing a higher level of security and protection against potential tampering.
With the integration of Promon’s App Attestation module, Promon SHIELD™ will include rooting (or jailbreaking) detection and, by design, will not trust a device’s operating system. It will also check for the presence of hooking frameworks (tools used to intercept, modify, and redirect events in a running mobile application), and perform checks for repackaging, a technique that allows bad actors to take an existing piece of software, such as a mobile application, and inject their own code on top of the existing source code.
The SHIELD™ App Attestation module is also agnostic from iOS and Android and operates an independent stack of cryptography protected with Promon SHIELD™ to ensure self-protection and prevent repackaging.
“The launch of our App Attestation module marks a significant step in API security,” said Gustaf Sahlman, CEO of Promon. “We understand the increasing challenges businesses face in protecting their digital assets, such as applications in the field and APIs from unauthorized access, injection attacks, and data tampering. Promon SHIELD App Attestation strengthens our customers’ security posture and facilitates compliance. By prioritizing security and privacy, we empower organizations to build trust with their users and customers, fostering long-term loyalty and driving business growth.”
Promon is a leader in Application Shielding and runtime security for mobile applications. The company works across a range of industries with a variety of global tier 1 clients, counting customers in industries such as banking and finance, gaming, health, and the public sector. Promon’s patented In-App Protection technology Promon SHIELD™ protects apps used by almost one billion people. Promon is headquartered in Oslo, Norway, and has offices in Asia, the US, Germany, the UK, and India. Visit www.promon.co to learn more.