February 23, 2025 12 mins
In this episode, we explore how Quokka and Approov provide complete protection for mobile apps and APIs throughout the Software Development Lifecycle (SDLC). Learn how to scan your app using Quokka to quickly identify vulnerabilities and inject security into the development process. Discover how Approov adds Zero Trust protections against runtime attacks and provides continuous visibility into new threats.

Key Discussion Points:
• The mobile threat landscape: Mobile apps are critical for businesses, but they are vulnerable to analysis, cloning, and hacking, which can lead to financial transaction interception, credential theft, and API targeting. Current security approaches are insufficient, leaving gaps for attackers to exploit.
• Quokka's Mobile App Security Testing (MAST) Capabilities:
◦ Offers comprehensive app analysis including static (SAST), dynamic (DAST), interactive (IAST), and forced-path execution app analysis.
◦ Scans apps quickly, even without source code, and works with the latest OS versions.
◦ Ties reported vulnerabilities to specific library versions using SBOMs.
◦ Validates apps against security and privacy standards like NIAP, NIST, and MASVS.
• Approov's Runtime App and API Security (RASP) Capabilities:
◦ Provides defence against runtime threats by validating each API request and checking for app modifications.
◦ Offers dynamic protection and delivery of API keys and secrets at runtime.
◦ Protects against fake and modified apps with runtime app attestation and authentication.
◦ Detects runtime tampering, including jailbroken/rooted devices.
◦ Blocks bots and fake apps from accessing APIs.
• Eliminating API Keys and Secrets:
◦ Quokka scans can identify exposed API keys or secrets in code.
◦ Approov can remove these API keys from the code by delivering them just in time to verified apps and devices.
◦ This "easy win" radically improves your security profile.
• Continuous Feedback Loop: Quokka and Approov create a dynamic feedback loop between testing and runtime validation, protecting applications throughout their lifecycle. Approov provides real-time intelligence on device, app, and man-in-the-middle attacks, which can be fed back into the SDLC.
Actionable Insights:
• Perform an initial Quokka scan to identify vulnerabilities.
• Implement Approov to remove exposed API keys and provide runtime protection.
• Use the insights from Approov to improve security in earlier stages of development.
• Integrate Quokka into CI/CD and DevSecOps tools.
Keywords:
Mobile app security, API security, runtime protection, MAST, RASP, Quokka, Approov, zero-day vulnerabilities, SDLC, DevSecOps, API keys, secrets management, mobile threat landscape, app attestation, runtime tampering, SBOM, security standards, data privacy.
        
Relevant Links:
• Quokka Solutions: https://www.quokka.io/solutions/mobile-app-security
• Approov: https://approov.io
• Quokka Q-mast Mobile Application Security Testing: https://www.quokka.io/products/q-mast
• Solution Brief - Quokka MAST with Approov RASP: https://info.approov.io/hubfs/White%20Paper/Landscape%20Approov%20Quokka%20Solution%20Brief%20v1.0c.pdf

Sponsor:
This episode is brought to you by Approov, the leader in runtime app and API protection. Approov ensures that only genuine and unmodified apps can access your APIs, prevent