Explore the critical issue of API underprotection in this 37-minute conference talk from AppSecUSA 2017. Delve into the challenges posed by RESTful Web APIs becoming the backbone of modern web communication and the security risks they present. Learn about potential threats from insufficient API security, emerging security technologies, and the complexities of API-consuming clients. Examine the differences between software authorization via static API keys and user authorization through OAuth2. Gain practical advice on improving mobile app security when accessing APIs, including code examples for concealing access credentials and implementing TLS pinning. Discover advanced techniques like app hardening, white box cryptography, and software attestation for crucial mobile application security. Walk away with a comprehensive understanding of the underprotected API problem, practical tips for enhancing API security, and knowledge of emerging tools and technologies for significant security improvements. Read more