NOWSECURE UNVEILS FIRST AUTOMATED OWASP MASVS V2.1 MOBILE APP SECURITY AND NEW PRIVACY TESTING

NowSecure MARI is the industry’s first simple risk score based on millions of assessments that identifies third-party apps vulnerable to PII and IP exfiltration, supply-chain and MiTM attacks and sensitive data theft.

MARI Datasheet featured image 768X480
NowSecure Launches Mobile App Risk Intelligence Solution to Combat Threats to Customer and Employee Security, Safety and Privacy NowSecure Launches Mobile App Risk Intelligence Solution to Combat Threats to Customer and Employee Security, Safety and Privacy Show More
magnifying glass icon

New NowSecure API Security Testing Reduces Mobile App Risk

Posted by
Brian Reed

Brian Reed

Brian Reed brings decades of experience in mobile, apps, security, dev and operations management including NowSecure, Good Technology, BlackBerry, ZeroFOX, BoxTone, MicroFocus and INTERSOLV working with Fortune 2000 global customers, mobile trailblazers and government agencies. With more than 25 years building innovative products and transforming organizations, Brian has a proven track record in early and mid-stage companies across multiple technology markets and regions. As a noted speaker and thought leader, Brian is a dynamic speaker and compelling storyteller who brings unique insights and global experience. Brian is a graduate of Duke University.

NowSecure recently added API Security Testing to its portfolio of automated mobile application security testing solutions. Based on the OWASP API Security Top 10, the new capabilities enable app development and security teams to dynamically discover API risks and vulnerabilities and address them quickly before software release.

APIs are critical to modern app architectures, yet can present significant risk. Application developers rely on APIs to connect mobile apps to back-end resources and provide functionality to complete key tasks. But if not properly architected, secured and tested, both official APIs and unapproved shadow APIs leave an organization vulnerable to attacks.

A typical mobile app leverages between 5 – 10 distinct back-end API services ranging from crash and performance analytics, monetization and cloud to traditional brower web APIs. Security teams often lack automated tools to discover and understand the breadth of mobile app APIs. As a result, mobile API observability presents a critical gap.

“Attackers routinely collect reconnaissance information to fingerprint back-end servers by observing authentication credentials such as JWT, Basic Authorization and by understanding the types of APIs being used in an application such as REST or modern GraphQL interfaces,” says NowSecure Chief Technology Officer David Weinstein. “NowSecure Mobile API Security testing enables our customers to better address the full breadth of the mobile application attack surface starting with the mobile application itself through to and including the security posture of internally coded back-end APIs, third-party API service providers and software development kits (SDKs) back-end services.”

NowSecure announced the availability of NowSecure API Security Testing at the virtual DevOps World by CloudBees 2020 conference. “Over the past decade we have evolved our security testing capabilities to meet the needs of changing mobile architectures, mobile operating systems and industry tool preferences,” said NowSecure CEO Alan Snyder. “Adding API Security Testing and aligning with industry standards such as OWASP makes it easy for our customers to protect their mobile apps and connected APIs and ensure that there is an objective measure of acceptable risk.”

NowSecure API Security Testing taps the NowSecure advanced dynamic test engine to discover and generate a list of all mobile-connected APIs; warn of any mobile-connected APIs that may violate OWASP API Top 10 and recommend further action; and help users identify unapproved “shadow APIs” that put their organizationes at risk.

NowSecure API Security Testing is available across the NowSecure suite of mobile app security and mobile risk management solutions including NowSecure Platform for fully automated Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and Interactive Application Security Testing (IAST) and NowSecure Workstation for analyst-driven testing.

To see the power of API Security Testing in NowSecure Platform and NowSecure Workstation, reach out for a demo today.