AppiCrypt makes protecting your backend API easy by checking the integrity state of the mobile app and device, allowing only genuine API calls to communicate with remote services. By generating a unique app cryptogram that a script on the backend side evaluates, AppiCrypt can detect whether RASP (Runtime Application Self-Protection) was overcome. Our unique approach to Cloud web application and API protection (WAAP) makes it hard to break. In addition, it’s also lightning-fast and easy to integrate.
AppiCrypt provides fine-grained details about detected threats, device identity, and HW details. It enables user and session binding to address the most sophisticated attacks, such as session hijacking.
AppiCrypt is a generic solution for all types of iOS and Android devices without dependency on Google Play or other OEM services. Integration takes only a few days.
It doesn't require any integration with external APIs. It ensures low latency and doesn't introduce a single point of failure. The cryptogram is verified by locally running a simple script on the customer backend.
AppiCrypt ensures that only genuine mobile applications have the right to communicate with protected remote services.
It's important to keep in mind that a mobile app installed on a user's device is running in an uncontrolled and untrusted environment. The mobile app is an easy target of reverse engineering, compromising all hard-coded API keys or client authentication materials and creating an opportunity for attackers to abuse remote services. In today's zero-trust world, there is a clear need for adequate defense against these threats.
The typical solution is to employ RASP defenses. While this may dissuade some attackers, a qualified reverse engineer can overcome the detection of root/jailbreak, hooking, and other controls of any RASP technology. By design, reverse engineers who invest enough time exploring the application can find the place in the code where the RASP control resides and “cut it out”. Any successful attack can result in severe damage to your brand and reputation.
AppiCrypt goes beyond common Web Application Firewall and API gateway solutions and provides complex client integrity control, DDoS protection and bot management. With fine-grained application security intelligence for backends and cryptographic integrity control of the mobile endpoint, AppiCrypt is the obvious choice when looking for reliable and secure Cloud WAAP.
In contrast to other vendors, we have an additional layer of protection: AppiCrypt. With this technology, the RASP SDK generates a unique cryptogram that is unreadable to attackers but readable by a simple script linked to the API gateway on the backend.
The idea behind this technology is not just to protect the API but to let your backend know when RASP controls were overcome or turned off by attackers. The gateway can then easily block the session if the app integrity is compromised, and backends process API calls only if the RASP controls passed.
In combination with Talsec RASP and Talsec Hardening Suite, AppiCrypt covers most of the OWASP Top 10 mobile security risks. This multi-layered defense offers additional protection against threats not included in the OWASP list.
AppiCrypt protects your app from:
Botnets and Fake Registrations
Brute Force Attacks
The true strength of AppiCrypt lies in its ability to protect multiple application domains. Be it an iPhone, iPad, Amazon Fire Tablet, EMV POS Terminal, or Kiosk, you can use the same AppiCrypt and its backend component. If you need protection in every possible environment, AppiCrypt is the right solution for you.
Android, iOS, Flutter apps
Performance Critical Apps
EMV POS Terminals, Self-service Tablets, Kiosks
Amazon Fire Tablets, Huawei & Honor Devices
AppiCrypt aims at API vulnerabilities that WAF and API gateway solutions cannot address as they lack client integrity controls.