Paulo Renato Exadra37

WHY DOES YOUR MOBILE APP NEED AN API KEY?

The blog post can fe found here.

TLDR

Mobile apps are becoming increasingly important in the strategy of any company. As a result, companies need to release new application versions at a fast pace, and this puts developers under pressure with tight deadlines to complete and release new features very quickly.

HOW TO EXTRACT AN API KEY FROM A MOBILE APP WITH STATIC BINARY ANALYSIS

You can read the blog post here.

TLDR

An API key is probably the most common method used by developers to identify what is making the request to an API server, but most developers are not aware how trivial is for a hacker or even a script kid to steal and reuse an API key for unauthorized access to their APIs.

We will see how to grab an API key by reverse engineering the binary of a mobile app in an effective and quick way with an open source tool, and once we see how easy it can be, we will realize why it is even achievable by non developers.

SECURITY TOOLS

My personal list of security tools I recommend in the Approov Blog were I write articles as a Developer Advocate for security in Mobile and APIs.

API

MITMPROXY or Man In The Middle Proxy - Intercept traffic from a client consuming an API.
Fierce Domain Scanner - Enumerate hostnames for a domain.
Certificate Transparency Logs:

Web Interface:

APPROOV INTEGRATION IN A NODEJS EXPRESS API

The blog post can be found here.

TLDR

This walk-though will show us how simple it is to integrate Approov in a current API server using NodeJS and the Express framework.

We will see the requirements, dependencies and a step by step walk-through of the code necessary to implement Approov in a NodeJS Express API.

APPROOV INTEGRATION IN A PYTHON FLASK API

The blog post can be found here.

TLDR

This walk-though will show us how simple it is to integrate Approov in a current API server using Python and the Flask framework.

We will see the requirements, dependencies and a step by step walk-through over the code necessary to implement Approov in a Python Flask API.

	let Player = {

	player: null,

	init(domId, playerId, onReady){

	window.onYouTubeIframeAPIReady = () => {
	this.onIframeReady(domId, playerId, onReady)
	}

	defmodule Utils.TagsUnify do

	@moduledoc """
	This module unifies the given tags, by removing duplicates and merging the
	ones that are similar.

	## Examples

	iex> "My Elixir Status, my-elixir-status, myelixirstatus, MyElixirStatus" \|> Utils.TagsUnify.string()
	"MyElixirStatus"

	{
	"bootstrapped": true,
	"in_process_packages":
	[
	],
	"installed_packages":
	[
	"Alignment",
	"Blade Snippets",
	"CSS Format",

	$> tail -f -n 100 /var/lib/mysql/devint1.log

	...

	8941 Prepare select * from `stepFeed` where `productId` = ? limit 1

	8941 Execute select * from `stepFeed` where `productId` = '764773' limit 1

	<?php

	/**
	* @author Paulo Silva(Exadra37) <exadra37ingmaildotcom>
	* @since 2015/06/04
	*/

	abstract class BasicTestCase extends PHPUnit_Framework_TestCase // Orchestra\Testbench\TestCase for Laravel
	{
	/**