Practical Implementation of Good Security Hygiene for Mobile Apps

We all know that we shouldn’t store secrets in mobile apps, but what is the practical alternative? We all know that we should use certificate pinning for our APIs, but how can it be done simply and safely? This talk will describe a real project to explore some of the challenges of implementing good security practice in a large organization and discuss a third-party solution (Approov) which addresses both of the issues above in a relatively simple way using industry standards and working neatly with Kong.

Approov is an API security solution which attests that API requests have come from genuine mobile app instances, ensuring that bots, scripts and re-packaged apps can’t communicate with backend systems. Further, Approov includes a dynamic pinning capability which makes implementing and managing pinned connected much easier than has previously been possible.

Approov’s Kong plugin enables the benefits of Approov without the need to modify backend systems, blocking all bots and scripts even if they present valid credentials. Join this session to learn how to improve security hygiene significantly with minimal effort.