Evaluating mobile applications for compliance with National Information Assurance Partnership (NIAP) security requirements can be a lengthy, costly process without automation. But not all NIAP mobile app vetting tools are created equally, so federal government agencies should choose carefully. Some solutions only support partial implementation of NIAP requirements, use an older version or lack complete detail and accuracy that leaves your organization at risk. Learn what questions to ask vendors to choose a tool that meets your needs.
NowSecure Mobile Security Researcher Dawn Isabel has been an avid contributor to bug bounties over the years and has earned many accolades. Before joining the expert research team at NowSecure, Isabel amassed well-rounded experience at IOActive, Hewlett Packard Enterprise, the University of Michigan and Ford Motor Company. We recently spoke with
Isabel about testing the security of iOS and Apple Watch apps, the bug bounty community, and the tools she uses most.
Nobody wants to develop insecure mobile apps, but mistakes can happen when people move quickly to meet a release timeline. Familiarize yourself with the Open Web Application Security Project (OWASP) Mobile Top 10 common mobile application security issues and adopt secure coding best practices to boost quality. In addition, continuously test apps in the dev toolchain with SAST, DAST and IAST automated mobile application security testing.
No two organizations face the same challenges in securing their mobile applications — variables include the type of mobile app, frequency of release, maturity of the application security testing program, staffing levels and a host of other factors. But what many companies have in common is that they rely on NowSecure automated mobile application security testing solutions and services to verify the apps they build and buy are safe for use by customers and employees. Learn how MyOwnMed and Vaporstream have strengthened security of their mobile apps and the successes they’ve enjoyed thanks in part to their use of NowSecure services and solutions.
Whether you’re a novice mobile app developer, a seasoned mobile application security analyst or somewhere in between, here’s a roundup of 31 best practices to hone your secure coding and mobile appsec testing skills. You can find useful advice from NowSecure experts in our twice-monthly “All Things Mobile DevSecOps” newsletter — subscribe now to be in the know.
As organizations seek to reduce costs and gain efficiencies, automation plays an increasingly important role in mobile application security. Automated mobile app security and privacy testing tools enable businesses and public-sector agencies to slash the costs of penetration testing by at least 50% and boost the productivity of security analysts tenfold.