U.S. federal agencies such as the Department of Defense have adopted mobile DevSecOps to unleash speed and innovation. But risks are plentiful and mobile app security issues have put service members in harm’s way or potentially compromised intelligence. Including security in the mobile app dev process and vetting software supply chain components enables federal agencies to achieve continuous security through automation.
Nobody wants to develop insecure mobile apps, but mistakes can happen when people move quickly to meet a release timeline. Familiarize yourself with the Open Web Application Security Project (OWASP) Mobile Top 10 common mobile application security issues and adopt secure coding best practices to boost quality. In addition, continuously test apps in the dev toolchain with SAST, DAST and IAST automated mobile application security testing.
No two organizations face the same challenges in securing their mobile applications — variables include the type of mobile app, frequency of release, maturity of the application security testing program, staffing levels and a host of other factors. But what many companies have in common is that they rely on NowSecure automated mobile application security testing solutions and services to verify the apps they build and buy are safe for use by customers and employees. Learn how MyOwnMed and Vaporstream have strengthened security of their mobile apps and the successes they’ve enjoyed thanks in part to their use of NowSecure services and solutions.
Whether you’re a novice mobile app developer, a seasoned mobile application security analyst or somewhere in between, here’s a roundup of 31 best practices to hone your secure coding and mobile appsec testing skills. You can find useful advice from NowSecure experts in our twice-monthly “All Things Mobile DevSecOps” newsletter — subscribe now to be in the know.
Mobile app users have become more savvy about protecting sensitive personal information, and regulations such as the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) restrict data usage and sharing practices. Developers can get ahead of regulatory action and improve the overall user experience by looking for ways to build mobile app privacy features directly into their mobile apps. Here are six mobile app privacy features they should implement.
Many mobile app developers with the best of intentions have rushed COVID-19 apps to Google Play and the App Store to assist with contact tracing, symptom diagnosis and outbreak maps. But in the rush to get apps that can help fight the pandemic out to the public, some security and privacy vulnerabilities went undetected prior to release. Because the sensitive nature of healthcare information creates unique security and privacy challenges, I advise mobile app developers and security analysts to heed the following advice to avoid fairly common security, privacy and compliance issues.