NowSecure enables organizations to leverage Microsoft tools such as Azure DevOps, Visual Studio, Visual Studio App Center and GitHub to ship software faster and with higher quality. Purpose-built for mobile app teams, the NowSecure solution powers automated mobile app security and privacy testing of Android and iOS mobile app binaries developed in any language, framework or tool directly in the dev pipeline.
Over the years, NowSecure has helped organizations automate hundreds of thousands of security and privacy test runs for the mobile apps from the major companies and brands you know and use every day. Today at DevOps Enterprise Summit (DOES) in Las Vegas, we’re pleased to announce the availability of a new NowSecure pre-built connector for Microsoft Azure DevOps and Azure Pipeline CI/CD tools that can be found in the Microsoft Visual Studio marketplace — the NowSecure Extension for Microsoft Azure DevOps.
Formerly known as Visual Studio Team Services, Microsoft Azure DevOps provides developers with a suite of integrated tools including Azure Pipeline CI/CD tools. Azure DevOps services span the software development lifecycle to help developers collaborate to build and ship software faster and with higher quality. And the NowSecure extension helps mobile app teams ensure that security and privacy are built into the mobile apps they develop and deploy.
How NowSecure Works with Azure DevOps
The NowSecure Platform provides fully automated mobile app security and privacy testing (static, dynamic and behavioral analysis) optimized for and integrated directly into the DevOps pipeline. Because NowSecure tests the compiled mobile app binary post-build from Azure Pipelines, the solution can test software developed in any language and provides complete analysis of the mobile app binary including newly developed code, third-party code, and compiler/operating system dependencies.
NowSecure pinpoints real security and privacy issues in minutes, provides detailed remediation instructions, and includes validated artifacts for high accuracy and near zero false positives. The solution also automatically routes issues into a wide variety of ticketing systems in the tool chain. This integrated, closed-loop approach ensures faster flow and no friction by running automatically in the tool chain, with no new tools for developers to learn and no need to manually review and submit tickets.
Many organizations use the NowSecure Platform to perform mobile app security and privacy testing in parallel with functional testing in the software development lifecycle.
Connecting the NowSecure Extension for Azure DevOps to your Azure Pipelines project is simple with step-by-step instructions outlined in the Visual Studio Marketplace. Simply install the NowSecure Extension, configure it for your pipeline project, and add a task to your pipeline script to auto-launch the NowSecure test engine. You can easily connect NowSecure to the ticketing system of your choice too. As shown in the diagram above, once the Azure Pipelines build completes, the binary is automatically fed to NowSecure for security and privacy testing, then results are automatically routed into supported ticketing systems. You can also review all NowSecure findings in the Microsoft Artifacts Viewer.
NowSecure brings continuous security and privacy testing to mobile app teams whether they release daily, weekly, monthly or more frequently. The NowSecure test automation approach enables organizations to test every build every day, ensuring full security and privacy test coverage of new incremental code written daily, without slowing down the pipeline. In fact, the full-speed automated approach ensures teams can meet commit to release times of less than 60 minutes.
To gain more insight about developing secure mobile apps, read about the “Top 5 Mobile App Security Failures and How to Prevent Them” blog on the Microsoft Visual Studio App Center blog. Learn more about the NowSecure Platform here and download the NowSecure Extension for Microsoft Azure DevOps.