Nearly all mobile apps interact with backend systems and require secure communications. One best practice for developers to safeguard network communications is to implement certificate pinning in their apps. Certificate pinning protects against attackers intercepting sensitive data via man-in-the-middle (MiTM) attacks.
As DevSecOps takes hold in organizations, there’s a noticeable difference in the maturity of application security testing practices for mobile apps vs. web. NowSecure sought to understand the role of DevSecOps in the mobile application development lifecycle by polling IT leaders about their release and testing practices. Consult this infographic to see how your organization stacks up against your peers and the top benefits companies have achieved by incorporating security testing into mobile DevOps.
Mobile app developers often use deep links to improve the user experience and engagement by helping users navigate from the web to their app. However, our security testing has found an easily exploitable vulnerability when deep links are used incorrectly for authorization purposes. This blog will explain how this vulnerability can be exploited and how to safeguard your app by using the more secure version of deep links, App Links.
We’ve compiled a cheat sheet of commonly used DevOps metrics that those adopting a DevSecOps discipline will find useful. Read on to learn more about the metrics that support two main categories of improvements to the mobile app software development lifecycle (SDLC): speed and quality as they pertain to application security.
Session replay is a technique that allows app developers to view screenshots, screen recordings, and touch events of how a user interacts with an app. Depending on how this technique is implemented, it can have serious impacts on a user’s privacy. Based on recent news events, Apple has already started to notify app developers that they should obtain consent and inform users if they are being recorded.
Popular low-code or no-code mobile application development platforms empower new ranks of citizen developers. However, the tools can also shortchange application security, and the apps must be properly tested before they are rolled out. Learn some best practices for safely incorporating these app dev platforms into your organization.