This latest release of the NowSecure Platform automated mobile application security testing solution boasts significant enhancements that boost mobile DevSecOps efficiency. It features a new streamlined interface which improves usability for greater team productivity and features that expand test coverage to enable organizations to manage risk against their unique requirements in a cost-effective manner.
Designed for mobile security analysts and mobile app developers to use on demand or integrate directly into the DevSecOps toolchain, the latest update of NowSecure Platform delivers the following security automation improvements:
- The NowSecure Platform customizable user interface speeds navigation to access relevant data and take action faster.
- The new NowSecure Platform Policy Engine empowers teams to set standard policies tailored to their needs that include relevant risk profiles, compliance requirements, customized CVSS scores and findings.
- The new NowSecure Platform Guided Testing offering expands test coverage by enabling mobile app authentication and navigation by NowSecure mobile security analysts.
Taken together, these major improvements empower organizations to work faster and more productively to speed the release of secure mobile apps to meet business demands.
“Organizations need to release faster, reduce costs and improve security; and the only way to do all three is through automation,” says NowSecure CEO Alan Snyder. “The status quo of static source code analysis from traditional web testing tools and manual periodic penetration testing is too expensive, wastes developer time and does not improve security. Today’s NowSecure Platform release delivers key innovations that make it significantly easier for customers to achieve their mobile business objectives efficiently through security automation.”
NowSecure Platform Optimized User Experience
NowSecure Platform offers an intuitive interface that speeds task completion with a modernized user experience:
- Users can customize the interface via filters to focus on key data and streamline navigation.
- Reports include more data in consumable formats, including a Network Traffic Capture analysis of the network connections made by the mobile app.
- Dark mode availability eases eye strain.
- Pre-built integrations and API availability enable developers to fit the automated testing tool into their preferred workflows.
- PDF and JSON exports tailor information to the receiving teams so development teams can search through evidence easily and security teams can easily digest and share status reports.
- A declarations feature supports comments and attachments that expedite collaboration between development and security teams.
- Configurable tickets enable users to select and prioritize findings and tap embedded remediation advice to speed repair.
NowSecure prioritized the user experience in the new NowSecure Platform interface. Improvements have been made to the most critical workflows including adding an app, configuring an assessment, and consuming results. The apps list, PDF generation and reports are all more customizable, enabling mobile app development team and security teams to include the right information for them, driving more speed and productivity. Tasks that previously took too many clicks are now just one click away, like starting an assessment or viewing the results of the last assessment run.
NowSecure Platform Policy Engine
The first of its kind, the NowSecure Platform Policy Engine powers productivity. Enabling organizations to test against mutually agreed upon security standards for security by design yields consistent, predictable and repeatable results.
Developers and security teams can create standard policies that include relevant risk profiles, compliance requirements, customized CVSS scores and prioritize findings for remediation to make the results of all assessments more focused, actionable and consumable.
NowSecure Platform Policy Engine boosts productivity and reduces risk via these capabilities:
- Build customized policies based on internal security requirements like OWASP MASVS, GDPR, NIAP, and HIPAA.
- Prioritize findings for developer remediation using categorization custom to the organization, whether it be “Fix First” or “P0”
- Maintain auditability with policy versioning to correlate the assessment and policy used.
- Pivot between policies in the same report to understand results in different contexts.
- Unleash more developer speed with preset, mutually agreed upon standard policies.
The NowSecure Platform Policy Engine enables teams to easily customize the findings surfaced in an assessment, assign severity to them, and categorize them for developer remediation. When building the policy, security and compliance teams get clear visibility into the findings that impact compliance requirements, can customize scoring using a CVSS calculator, and can toggle the appearance of each finding individually. This gives NowSecure Platform a level of customization unavailable from any other mobile app security testing tool.
NowSecure Platform Guided Testing
NowSecure Platform also supports a hybrid form of security assessments that combines automated mobile application security testing with interactive guidance from an expert analyst. Designed to expand coverage for high-risk or complex mobile apps, NowSecure Platform Guided Testing blends the 600+ automated tests included in every NowSecure Platform assessment with human-driven navigation through critical workflows or authentication methods that require manual intervention. For example, NowSecure can now automate testing with deeper coverage, beyond security controls such as two-factor authentication, multi-factor authentication, CAPTCHA and QR codes, app hardening, and tamperproofing features that make workflow navigation difficult to navigate.
NowSecure Guided Testing combines the depth of NowSecure Platform via more than 600 automated SAST, DAST, IAST and APISec tests on real devices with the power of mobile security analyst expertise gained through more than 11,000 mobile app pen tests the NowSecure Services team has completed over more than a dozen years.
“Organizations need to release faster, reduce costs and improve security; and the only way to do all three is through automation.” – NowSecure CEO Alan Snyder
While NowSecure Platform runs an automated assessment, the NowSecure analyst uses a physical test device to navigate the mobile app in order to bypass any anti-automation features a mobile app uses and optionally navigate sensitive or commonly used workflows. Results of the automated and manual portions of the guided assessment results are combined and reported in NowSecure Platform and passed to other tools via integrations for full visibility.
The new Guided Testing capability offers a fast, easy and cost-effective alternative to manual mobile penetration testing with a comprehensive level of breadth and depth of coverage. While manual pen testing provides the deepest and broadest coverage possible, that process takes considerable time and money to perform, making it impractical for frequent use in the mobile DevSecOps pipeline.
NowSecure Guided Testing enables organizations to better tailor testing to match their mobile app risk profile, coverage and cadence requirements. This approach suits most apps with critical, complex user workflows or authentication methods that require manual intervention to reduce risk at the speed required for mobile DevSecOps.
Autonomous Testing Ahead
Ready to enjoy the usability, productivity and coverage that NowSecure Platform brings mobile AppSec and DevSecOps teams? Book a demo to see for yourself just how easy it is to use the automated mobile application security testing software.
To see NowSecure Platform in action, learn more about the latest in mobile AppSec innovations from industry experts and share DevSecOps best practices, join us at NowSecure Connect22 virtual event on October 26, 2022 – register here.