NowSecure recently added API Security Testing to its portfolio of automated mobile application security testing solutions. Based on the OWASP API Security Top 10, the new capabilities enable app development and security teams to dynamically discover API risks and vulnerabilities and address them quickly before software release. NowSecure API Security Testing taps the NowSecure advanced dynamic test engine to discover and generate a list of all mobile-connected APIs; warn of any mobile-connected APIs that may violate OWASP API Top 10 and recommend further action; and help users identify unapproved “shadow APIs” that put their businesses at risk.
NowSecure Mobile Security Researcher Dawn Isabel has been an avid contributor to bug bounties over the years and has earned many accolades. Before joining the expert research team at NowSecure, Isabel amassed well-rounded experience at IOActive, Hewlett Packard Enterprise, the University of Michigan and Ford Motor Company. We recently spoke with
Isabel about testing the security of iOS and Apple Watch apps, the bug bounty community, and the tools she uses most.
NowSecure announces the release of NowSecure Workstation 6.0. The turnkey hardware and software kit that empowers analysts to quickly conduct deep mobile application security assessments of Android and iOS apps and generate customized reports with actionable results users can trust. Traditional mobile app penetration testing can consume at least two weeks of manual effort and requires ample expertise and an abundance of open-source tools. NowSecure Workstation reduces testing time from weeks to mere hours, driving dramatic 10x productivity gains and scalability.
No two organizations face the same challenges in securing their mobile applications — variables include the type of mobile app, frequency of release, maturity of the application security testing program, staffing levels and a host of other factors. But what many companies have in common is that they rely on NowSecure automated mobile application security testing solutions and services to verify the apps they build and buy are safe for use by customers and employees. Learn how MyOwnMed and Vaporstream have strengthened security of their mobile apps and the successes they’ve enjoyed thanks in part to their use of NowSecure services and solutions.
Reducing friction in the mobile app dev pipeline calls for scaling security to reduce risk while keeping pace with ever-increasing release frequency and volume. The best way to accomplish that is to integrate automated mobile app security testing directly into the Continuous Integration/Continuous Delivery (CI/CD) toolchain.
Because most organizations already have a lot of processes in place, it’s essential to integrate mobile appsec testing as seamlessly as possible into existing workflows rather than create new ones. The NowSecure platform features plug-ins and an API to integrate with a wide range of popular DevOps tools. The NowSecure platform features plug-ins and an API to integrate with a wide range of popular DevOps tools.
While mobile app security testing is fairly new, we still see a considerable share of BS from vendors. Inspired by a similar DoD document for Agile, we created our own list of crucial capabilities and key questions to ask prospective tool vendors.