The depth and scope of NowSecure Platform testing gives customers assurance that their mobile AppSec programs meet the highest industry standard.

Media Announcement
magnifying glass icon

Top 10 Recommended Sessions at RSA 2018 – Insiders Guide for Mobile App Security from Agile to DevSecOps and More

Posted by
Brian Reed NowSecure CMO

Brian Reed

Brian Reed brings decades of experience in mobile, apps, security, dev and operations management including NowSecure, Good Technology, BlackBerry, ZeroFOX, BoxTone, MicroFocus and INTERSOLV working with Fortune 2000 global customers, mobile trailblazers and government agencies. With more than 25 years building innovative products and transforming organizations, Brian has a proven track record in early and mid-stage companies across multiple technology markets and regions. As a noted speaker and thought leader, Brian is a dynamic speaker and compelling storyteller who brings unique insights and global experience. Brian is a graduate of Duke University.

RSA is around the corner starting April 17th! To help plan your agenda, we have crafted our Top 10 Recommended Sessions at RSA 2018. These are the sessions we want to attend and recommend all leaders check out, especially if you are responsible for mobile security or app security…or both.

For Mobile Apps and IOT

IoT Trust by Design: Lessons Learned in Wearables and Smart Home Products
Why? Mobile+Wearables+Smart Technology all in one from Marc Bown of Fitbit, John Cook of Symantec and Jeff Wilbur leader of the Online Trust Alliance Initiative, Internet Society.

IoT Archaeology: Dig Security Lesson
Why? Great session name by Chad Childers Connected X Security, Ford Motor Company – and we love connected cars!

For DevOps and DevSecOps

DevOps and the Future of Enterprise Security
Why? Hear from Frank Kim the former CISO of SANS Institute and professor of appsec and DevOps who knows a thing or two about the subject.

Integrating Security with DevOps Toolchains
Why? Three examples of DevSecOps Toolchains with Aaron Rinehart the CSA from UnitedHealth Group and Chenix Wang “Queen of Security” and founder of the Jane Bond Project.

Continuous Security: Securing DevOps and Cloud-Native Environments
Why? The Who’s Who of Silicon Valley cloud companies that fundamentally depend on security with speed – Richo Healey of Stripe, Ryan Huber of Slack, Tom Daniels of Square moderated by Dino Dai Zovi.

For Advanced Security

Efficacy of Layered Application Security through the Lens of Hacker
Why? We totally agree on the need for layered defense with super smart info from both Dr. Bill Chen and Gyan Prakash the Chief Security Architects of Visa, Inc

Advanced Attack Surface Discovery and Exploitation
Why? Independent researcher Adrian Bednarek talks about app reversing which is our favorite subject – and our OSS tools Frida, Radare and r2Frida are here to help!

The New Landscape of Airborne Cyberattacks
Why? A dramatic number of mobile apps we test are exposed to OTA attacks. Check out this scary Bluetooth variant on the BlueBorne vector from Nadir Izrael and Ben Seri from Armis.

For Roles and Organizational Evolution

Scaling an Application Security Program at the IMF: A Case Study
Why? Great case study with Jason Li of EY and Majid Malaika of the IMF on real world experience shifting from occasional security testing to assurance across a full portfolio of apps.

The Emerging Product Security Leader Discipline
Why? We agree all product teams need an expert security leader embedded in the team and Matthew Clapham from GE Healthcare has blazed the path.

What else should be on your agenda at RSA?

Fundamentally RSA is about finding more paths to REDUCE RISK – from networking with your peers to connecting with industry leaders to sharing best practices to checking out new technologies. And we’ve found a ton of risk in mobile apps that far too many organizations are not aware of and not actively managing. But we’re here to help!

Talk about real technology risk? Earlier this spring we analyzed 45,000 3rd party mobile apps found in Apple App Store and Google Play and found some alarming stats. Over 85% of mobile apps fail the OWASP MASVS. Yep, that means 4 out of 5 mobile apps have one or more vulnerability that everyone should be concerned about. These mobile apps span messaging, productivity, organization intelligence, ERP, CRM, financials, travel, expensing, workforce management and more. Visit NowSecure in the North at booth 3229 to get a peek at the data and see where you are at risk.

Talk about real organizational risk? We have spoken to many CISOs over the past 6 months and all are finding significant challenges on the path to shift left. We’ve been part of some great successes and would like to share our real world experiences helping customers shift left with mobile app security. You can request an RSA meeting here to share the stories.

What’s new to show at RSA? We have two great ways to really dig into mobile app security and Mobile AST at RSA:

  1. We have major new innovation we will be announcing for deep, automated iOS app security testing that works on day 1 of any new mobile OS release. This blows away SAST and DAST. You won’t want to miss this! You can register for your exclusive demo here.
  2. Book a time for your free 3rd-party mobile app assessment to see what mobile apps from public app stores are putting your organization at risk. You can register for your exclusive assessment appointment here.

We hope you found our Top 10 Recommended Sessions at RSA 2018 valuable and insightful. We look forward to seeing you in San Francisco!