As mobile app release cycles have shrunk, companies empower developers to go faster using automated DevOps tools. Automated mobile application security testing enables dev teams to build in security while shifting left.
Reducing friction in the pipeline calls for scaling mobile app security to reduce risk while keeping pace with ever-increasing mobile app release frequency and volume. The best way to accomplish that is to integrate automated mobile security testing directly into the Continuous Integration/Continuous Delivery (CI/CD) toolchain.
Implementing automated mobile application security testing helps organizations address the security gap between typical manual penetration testing, which is performed on an annual or semi-annual basis, and today’s release cycles, in which some software ships in as little as minutes.
In fact, a recent NowSecure survey about the state of secure mobile and web app development finds that integrating application security testing into the dev toolchain is the leading success factor for DevSecOps, followed by people and process changes. Organizations see several benefits to integrating mobile appsec testing within the software development lifecycle.
Speeding workflows with DevSecOps is all about making security an enabler rather than a blocker and letting tools do the work. Because most organizations already have a lot of processes in place, it’s essential to integrate mobile appsec testing as seamlessly as possible into existing workflows rather than create new ones.
That’s where the NowSecure mobile appsec testing platform comes in. The solution plugs into your DevOps ecosystem in multiple places as appropriate for your organization’s level of DevSecOps maturity. The integration can take a few different forms. One option is a plug-in for the DevOps tool that enables it to integrate with the testing tool. We offer plug-ins for Brinqa, CircleCI, Code Dx, Jenkins and Jira. Another option is to use our API to embed mobile appsec testing into existing workflows, such as other vulnerability management tools or communications tools like email or Slack.
To get started, all you need is a binary. That may come from a public app store, an app management tool, or a build tool as shown in the diagram below. Once we receive a binary, it goes onto our cloud-based NowSecure platform for testing on real mobile devices. The solution performs static, dynamic and behavioral analysis for unmatched depth of coverage.
The testing process generally takes only 15 minutes to complete. Organizations can break the build if a critical or high-severity vulnerability appears in the findings, or simply feed the wealth of information into an issue-tracking, vulnerability management or mobile device management system to act on and remediate.
A schematic below provides an example of how customers are implementing the NowSecure platform in their DevSecOps toolchain. As mentioned above, we offer a complete API for the solution which presents nearly endless possibilities for integrations and notifications.
To learn more technical specifics and see quick demos of Brinqa, Code Dx, Jenkins and Jira integrations, I encourage you to watch our webinar recording, “Integrating Security Into the Mobile App DevOps Ecosystem.” And to stay abreast of all things mobile DevSecOps, please subscribe to our twice-monthly newsletter.