Thousands of developers and security experts will descend upon San Jose, Calif., next week for the OWASP AppSec USA conference and we look forward to joining them there. There’s still time to book a meeting to discuss mobile appsec trends and best practices with the NowSecure experts, or stop by Booth P9 just to say hi.
In addition to the stellar pre-conference training classes offered Monday through Wednesday, the main conference offers an array of informative sessions. You can find our top picks of the best mobile security sessions here.
Your highlights from the week are as follows:
- 70% of companies were victimized by cyber breaches or attacks in the past year
- Avoiding security for the sake of speed places businesses at risk
- App extends private DNS feature to older Android versions
- New Apple Pay functionality could disrupt mobile payments
- Guilty plea strikes a blow to the encrypted secure phones industry
Subscribe now to receive #MobSec5 updates each Friday in your inbox.
“While professionals still consider ransomware a top threat, phishing remains the bigger problem for many in reality, the report found, as 44% of organizations said they suffered a successful phishing attack in 2018—up from 30% in 2017. Each organization faced an average of 11.4 successful phishing attacks in the past year, according to the report.”
“Continuous deployment pipelines open doors to a larger area of attack to include your production system, the build, testing and the deployment environment. Because of this, security should be implemented at every stage of your deployment pipeline.”
As the article notes, DevOps and security teams must collaborate throughout the development pipeline to secure mobile apps. Automated and integrated mobile appsec testing reduces friction to enable a secure mobile enterprise. Discover advice for embarking on the DevOps journey for secure mobile apps in our new guide.
“In Android 9, also known as Android Pie, Google has added a feature called Private DNS to start encrypting DNS on mobile. But for all the Android devices that won’t get an OS upgrade for awhile—or ever—the Alphabet subsidiary Jigsaw is releasing a free mobile app called Intra that can offer that additional layer of web protection to billions of mobile browsers around the world.”
How Apple’s update may turn the payments space on its head
Mobile Payments Today
“Considering security, by paying via your mobile phone through Apple Pay, all you are sending for a transaction is safely-tokenized card details. Moreover, every Apple Pay transaction comes with secure biometric authentication. You also don’t need to register with another company that stores your data. You simply use the service, pay securely and go.”
“US Attorney Adam Braverman said in the press release that ‘The Phantom Secure encrypted communication service was designed with one purpose—to provide drug traffickers and other violent criminals with a secure means by which to communicate openly about criminal activity without fear of detection by law enforcement.’ ”
If you want to receive #MobSec5 updates each Friday in your inbox, subscribe now.