Mobile apps have become a top target for attackers and a high-risk vector for users and businesses alike. In fact, Gartner has warned, “Through 2022, mobile application security failures will be the biggest mobile threat for enterprises.” In order for their digital transformation efforts to succeed, companies must offer an innovative mobile app user experience combined with proper security and privacy protections.
Learn about the latest security and privacy updates included in iOS 14 and how that impacts mobile app development and security teams in this collection of six short videos.
Learn about the latest security and privacy updates that appear in Android 11 and how that impacts mobile app development and security teams in this collection of eight short videos.
As a proud sponsor of the OWASP Mobile Security Project and the Global AppSec conference, NowSecure researchers helped develop and maintain the Radare2 Pay v1.0 Android crack-me app featured in the OWASP Mobile Security Testing Guide (MSTG). Intended to be similar to popular mobile payment applications, the Radare2 Pay app is difficult to crack. It features layers and layers of obfuscation and protection and anti-rooting technology in order to delay attacks.
Before joining the NowSecure research team this year, Grant Douglas worked as a mobile security consultant and has hundreds of mobile app pen tests under his belt. In this Q&A discussion, he shares insight about the differences between an attack and builder mindset, his favorite mobile appsec tools and technologies and his passion for CTF competitions.
NowSecure recently added API Security Testing to its portfolio of automated mobile application security testing solutions. Based on the OWASP API Security Top 10, the new capabilities enable app development and security teams to dynamically discover API risks and vulnerabilities and address them quickly before software release. NowSecure API Security Testing taps the NowSecure advanced dynamic test engine to discover and generate a list of all mobile-connected APIs; warn of any mobile-connected APIs that may violate OWASP API Top 10 and recommend further action; and help users identify unapproved “shadow APIs” that put their businesses at risk.