Virtually all organizations rely on mobile apps, yet none have the exact same requirements, mobile development methods and risk tolerance. Perhaps your team is expanding a mobile DevSecOps program, building a new flagship mobile app, responding to a data breach or seeking to reduce risk in the supply chain.
With a singular focus on mobile security and more than a dozen years of expertise, NowSecure offers a comprehensive suite of automated mobile app security and privacy testing software, Pen Testing as a Service (PTaaS) and training courseware to help organizations succeed throughout the software development lifecycle. Customers from a range of industries such as banking and finance, mHealth, high tech, retail & hospitality and government trust NowSecure to help safeguard their mobile apps and drive efficiency and speed in the DevSecOps pipeline. Here are some of their case studies.
Mobile Pen Testing as a Service
Genisys Credit Union embarked on mobile digital transformation more than a decade ago and launched Android and iOS mobile banking apps to improve convenience for its members. As a financial services company subject to industry regulations, the credit union has long partnered with NowSecure to protect Genisys Mobile apps from security and privacy vulnerabilities.
Genisys Credit Union must obtain a third-party security assessment to comply with the National Credit Union Association (NCUA) membership requirements. NowSecure Mobile Pen Testing as a Service (PTaaS) provides auditors with assurance that the credit union’s mobile apps provide strong security.
The combination of NowSecure Platform on-demand automated mobile application security testing and NowSecure Mobile PTaaS enables Genisys Credit Union to achieve the following benefits:
- Gain confidence that the mobile app properly protects member data
- Speed the process of finding and fixing security vulnerabilities
- Demonstrate third-party validation for compliance.
The Genisys team uses a single NowSecure Platform portal to perform automated mobile AppSec testing and request mobile application penetration tests from the NowSecure PTaaS team. NowSecure performs iOS penetration tests and Android application penetration testing for mobile applications as needed. In the meantime, the credit union gains development efficiency by using NowSecure Platform to automatically assess each app update and generate reports to prioritize security issues and aid remediation.
Frank Klimczak, information security manager, selected NowSecure Mobile PTaaS due to the company’s mobile expertise and the high quality and value of its solutions. “NowSecure Platform gives us confidence that the developers practice secure coding and NowSecure Mobile PTaaS gives us the required manual testing for compliance reporting and even more confidence in complete coverage,” he says.
Discover more about how NowSecure software and services help Genisys Credit Union ensure the security of its flagship mobile app and what the credit union’s leaders say about the NowSecure user experience.
Integrated DevSecOps Testing
Mobile development teams value speed and seek mobile security solutions that can help them get high-quality mobile apps to market faster. Integrating automated mobile application security testing into the dev pipeline enables developers to bake security into the SDLC to prevent the release of insecure mobile apps, all while working in their preferred tools and interfaces.
The SaaS vendor EveryoneSocial helps businesses expand reach and drive sales and engagement by activating their employees as influencers. The high-tech employee advocacy company relies on NowSecure Platform integrated mobile DevSecOps testing to achieve efficient, secure mobile app development.
“NowSecure is critical to our development process,” says Brandon Hall, director of engineering for EveryoneSocial. His team uses NowSecure Platform to achieve the following benefits:
- Gain and safeguard the trust of enterprise customers
- Ensure security and quality of mobile apps
- Enable rapid release cycles of multiple times per week.
NowSecure Platform offers pre-built integrations for leading DevSecOps tools — for EveryoneSocial, the tools of choice include a Jenkins CI/CD system and a Jira ticketing system. It works in the background to provide a hands-off, seamless user experience for developers. Whenever the devs merge a pull request, Jenkins automatically uploads the build to NowSecure Platform for analysis.
NowSecure Platform includes repair instructions, evidence, code samples and links to iOS and Android documentation within issue tickets. “I truly appreciate that each result is detailed and includes remediation resources with a significant time saver,” says Hall. “It’s a fantastic tool.”
In addition, the partnership with NowSecure helps EveryoneSocial demonstrate that it cares about its customers’ security and privacy. Hall says, “NowSecure Platform helps reassure our enterprise customers that we’re effectively managing risk.”
Learn more about EveryoneSocial integrated mobile DevSecOps testing practices in the full case study.
Supply-Chain Risk Monitoring
Entrusted with protecting national security, the U.S. Department of Justice (DOJ) needs to be cautious about the mobile apps employees use to avoid compromising sensitive data or placing them at risk. The DOJ proactively manages its mobile app portfolio by vetting mobile apps from the public app stores prior to installation to determine if they’re safe to use. In addition to performing mobile app vetting for supply-chain risks, the agency continuously monitors mobile apps to act on changes that introduce security or privacy vulnerabilities.
NowSecure Platform provides the following benefits:
- Gain visibility into the security and privacy risks of Android and iOS mobile apps
- Continuously monitor its mobile app portfolio for new supply-chain risks
- Enforce policy and comply with an array of federal mandates.
Assessing each and every mobile app that DOJ staff ask to use simply isn’t possible without automation. NowSecure Platform enables the federal public-sector agency to vet mobile apps in as few as 30 minutes. In addition, the NowSecure Workstation pen testing toolkit aids staff in testing complex mobile apps. “It’s a huge workload lifted from my security team,” says Mike McHugh, mobile security program manager for the DOJ.
The DOJ built a Mobile Risk Dashboard that enables McHugh’s team to track mobile app and mobile device risk and control mobile app usage on government devices. The Mobile Risk Dashboard runs NowSecure Platform for automated mobile application security testing, VMware AirWatch enterprise mobility management software and Splunk for analytical insights.
“The level of customer support is a huge differentiator for NowSecure and the product is great,” says McHugh. Learn more about how the DOJ enforces mobile policy and reduces supply-chain risk in this case study.
Mobile AppSec & Developer Training
The DOJ recently began integrating NowSecure Academy online mobile app security and developer training into its onboarding program for new and existing cybersecurity personnel.
The NowSecure Academy expert-led learning program and certifications impart foundational knowledge to upskill developers and security analysts on improving code quality, the important security distinctions between web and mobile apps, and mobile app pen testing techniques.
Participants can earn industry-recognized certificates for development and security skills to demonstrate to teams and customers that the organization prioritizes security and staff have the skills needed to code, test and deliver secure mobile apps quickly. Learning paths include both foundational and advanced certificates delivered via self-paced courses.
ADA MASA Independent Security Review
Google and a coalition of mobile app security vendors formed the App Defense Alliance (ADA) to ensure the safety of Google Play by protecting users against insecure mobile apps. The ADA launched the Mobile Application Security Assessment (MASA) program to enable developers to obtain third-party validation that their mobile apps meet industry standards for security and privacy.
Companies may submit their Android apps to an ADA Authorized Lab for a rigorous ADA MASA independent security review. Apps that meet the requirements are listed on the App Validation Directory and display an independent security review badge in their Google Play Store listings, giving users confidence that mobile apps have been vetted by outside experts to be safe and secure.
HYPR makes a passwordless multi-factor authentication solution and its entire business revolves around security. “From a mobile app security standpoint, making sure that we keep data secure is our main concern,” says Aldo Salas, application security lead for HYPR.
The high-tech company invested in MASA certification to gain an advantage over its competitors. “ADA MASA validations are important because they give customers peace of mind,” Salas says. “For me, this is a big differentiator…customers can publicly see that this application doesn’t have any major security issues.”
After conducting an ADA Authorized Labs evaluation, Salas selected NowSecure to perform ADA MASA validation because it’s the sole mobile-first, mobile-only member and in order to gain access to NowSecure Platform automated mobile application security testing software. Working with NowSecure, HYPR has gained the following benefits from ADA MASA validation and NowSecure Platform:
- Ensure maximum security of its mobile app
- Solidify customer trust and improve standing among other mobile apps in the Google Play Store
- Demonstrate compliance with and commitment to industry security and privacy standards.
NowSecure assessed the HYPR Android app for security and privacy vulnerabilities to ensure it met a set of baseline criteria for developers. MASA is based on the Open Worldwide Application Security Project (OWASP) Mobile Application Security Verification Standard (MASVS), a globally recognized standard for mobile application security. The OWASP Mobile Application Security (MAS) Project aids developers and security analysts in building their mobile apps securely and testing against security requirements.
Learn more about how HYPR taps NowSecure ADA MASA validation and NowSecure Platform continuous automated mobile AppSec testing to demonstrate compliance with industry standards.
Mobile Application Security Solutions
Try our flagship NowSecure Platform mobile application security solution yourself to see how it typically speeds releases by 30%, reduces testing and delivery costs by 30% and risks by 40%. Sign up for a free trial today, reach out to discuss our PTaaS offering and enroll in NowSecure Academy.