Reverse engineering refers to the process of taking something apart to see how it works. The NowSecure Services team frequently performs reverse engineering on mobile apps to uncover security vulnerabilities and privacy flaws. This tutorial will help you master the basics of analyzing an Android app and knowing what to look for.
As a longtime innovator of automated mobile appsec testing software and services, NowSecure continues to embrace emerging technology by delivering the world’s first Interactive Application Security Testing (IAST) technology purpose-built for mobile. Sometimes called DAST 2.0 or the next generation of DAST by the security industry, this advancement provides security analysts and app developers with greater visibility into app vulnerabilities and privacy issues.
Although we recommend periodic in-depth pen tests for high-risk mobile apps that run business-critical processes or access sensitive information, this practice doesn’t scale well for DevOps teams. Mobile app pen testing requires intense human labor that simply can’t keep pace with the volume, velocity and frequency of DevOps releases. Many organizations can benefit from incorporating automated mobile appsec testing in the mobile DevSecOps toolchain to speed the delivery of secure mobile apps.
A keen focus on technology has helped fast-casual company Sweetgreen expand across the nation. The company has plans to create a ‘food platform’ or integrated food system from supply chain all the way to delivery. Sweetgreen is but one example of mobile digital transformation that dramatically changes the way that companies interact with their customers, employees and partners. And attackers have taken notice of mobile.
Recent enhancements to the Frida open-source dynamic instrumentation toolkit greatly ease the process of conducting jailed testing. You no longer have to manually package the Frida Gadget in your target app. As long as the app is debuggable, Frida does that for you. This post will walk you through the process of using Frida on a jailed device.
What will 2020 hold for mobile application security? NowSecure predicts we’ll see an intensified focus on privacy, mobile DevSecOps gaining traction and ample activity around wearables and Internet of Things (IoT). Here are some of the mobile appsec trends and challenges that our experts anticipate we’ll see in 2020.