APIs are inherently vulnerable to attacks
APIs are integral to most applications, but they also offer easy entry points for threat actors looking for ways to take advantage of and misuse your services. Hardcoding API keys or other credentials into application code is one of the four most common API vulnerability paths. API leakage into the public domain can cost businesses significantly in lost revenue, service downtime and brand reputation.
The risks of poor API protection
- Hackers can decompile your code and search for your API keys
- Data breaches, GDPR fines, and a damaged brand reputation for the targeted company
- If an attacker gets access to keys, they can extract them and, for example, build new software that impersonates the real app to make arbitrary API calls
How Promon SHIELD™ app attestation protects your APIs
Promon SHIELD™ offers a unique solution to the difficult challenge of protecting your APIs from becoming entry points for threat actors. With app attestation, challenge-response authentication is employed, so you can be sure that each API call is coming from a whitelisted application and that the device is secure. Each challenge-response is unique, introducing an unknown element for the hacker, which lowers the risk of threats such as replay attacks. With Promon SHIELD™ app attestation protection in place, even APIs and keys leaked into the public domain are rendered unexploitable.
With Promon SHIELD™ app attestation:
- You have full control in the back-end over which APIs should be protected and which API calls to accept
- Fully supported cross-platform integration into the back-end of your choice
- Light touch integration for iOS and Android applications
- You host the solution yourself, giving you power to make the right business decisions
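The challenge-response pattern described above, shown as an added illustration (not Promon SHIELD™'s own protocol or code): the back-end issues a single-use random nonce, the app answers with a MAC binding that nonce to its identity, and the back-end accepts the response once, so a captured response cannot be replayed. The secret, app identifier and HMAC construction are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed demo values: in a real deployment the attestation secret is
# provisioned through a hardened mechanism, never hardcoded in the app.
APP_SECRET = b"constructed-demo-secret-do-not-reuse"
APP_ID = "com.example.bankapp"  # assumed identifier of the allow-listed app


def _mac(nonce, app_id):
    """MAC over nonce || app_id, shared by app and back-end."""
    return hmac.new(APP_SECRET, f"{nonce}|{app_id}".encode(), hashlib.sha256).digest()


class AttestationServer:
    """Back-end side: issues single-use challenges and verifies responses."""

    def __init__(self, ttl_seconds=30):
        self._pending = {}  # nonce -> expiry timestamp
        self._ttl = ttl_seconds

    def issue_challenge(self):
        nonce = secrets.token_hex(16)  # 128 bits of fresh randomness per call
        self._pending[nonce] = time.time() + self._ttl
        return nonce

    def verify(self, nonce, app_id, tag):
        """True only for an unexpired, never-before-used challenge with a valid MAC.
        The nonce is consumed on first use, so a replayed response is rejected."""
        expiry = self._pending.pop(nonce, None)
        if expiry is None or time.time() > expiry:
            return False
        # Constant-time comparison avoids leaking the expected tag via timing.
        return hmac.compare_digest(_mac(nonce, app_id), tag)


def app_respond(nonce, app_id=APP_ID):
    """App side: answer the challenge by binding it to the app's identity."""
    return _mac(nonce, app_id)


def demo():
    server = AttestationServer()
    nonce = server.issue_challenge()
    tag = app_respond(nonce)
    genuine = server.verify(nonce, APP_ID, tag)   # accepted
    replayed = server.verify(nonce, APP_ID, tag)  # same response again: rejected
    clone = server.verify(server.issue_challenge(), "com.example.clone", tag)  # rejected
    return genuine, replayed, clone
```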
How to enhance your API protection
In addition to offering comprehensive API protection through app attestation, our whitebox-backed security solutions can help enhance your API protection even more.
Secure Application ROM (SAROM) is a feature of Promon SHIELD™ which offers a simple solution to a challenge that is difficult to solve on any mobile platform – protecting specific assets in a published app.
Secure Local Storage (SLS) is a feature of Promon SHIELD™ that gives app developers the ability to store app secrets, such as session tokens, personally identifiable information, API keys and more, locally on the end-user device.
According to Gartner, hardcoding API keys or other credentials in web and mobile applications is one of the four most common API vulnerability paths, and the method makes such secrets subject to decompiling attacks. (Gartner, “API Security: What You Need to Do to Protect Your APIs,” Mark O’Neill, Dionisio Zumerle, Jeremy D’Hoinne.)