NowSecure recently added API Security Testing to its portfolio of automated mobile application security testing solutions. Based on the OWASP API Security Top 10, the new capabilities enable app development and security teams to dynamically discover API risks and vulnerabilities and address them quickly before software release. NowSecure API Security Testing taps the NowSecure advanced dynamic test engine to discover and generate a list of all mobile-connected APIs; warn of any mobile-connected APIs that may violate OWASP API Top 10 and recommend further action; and help users identify unapproved “shadow APIs” that put their businesses at risk.
Nobody wants to develop insecure mobile apps, but mistakes can happen when people move quickly to meet a release timeline. Familiarize yourself with the Open Web Application Security Project (OWASP) Mobile Top 10 common mobile application security issues and adopt secure coding best practices to boost quality. In addition, continuously test apps in the dev toolchain with SAST, DAST and IAST automated mobile application security testing.
As a longtime innovator of automated mobile appsec testing software and services, NowSecure continues to embrace emerging technology by delivering the world’s first Interactive Application Security Testing (IAST) technology purpose-built for mobile. Sometimes called DAST 2.0 or the next generation of DAST by the security industry, this advancement provides security analysts and app developers with greater visibility into app vulnerabilities and privacy issues.
Although we recommend periodic in-depth pen tests for high-risk mobile apps that run business-critical processes or access sensitive information, this practice doesn’t scale well for DevOps teams. Mobile app pen testing requires intense human labor that simply can’t keep pace with the volume, velocity and frequency of DevOps releases. Many organizations can benefit from incorporating automated mobile appsec testing in the mobile DevSecOps toolchain to speed the delivery of secure mobile apps.
What will 2020 hold for mobile application security? NowSecure predicts we’ll see an intensified focus on privacy, mobile DevSecOps gaining traction and ample activity around wearables and Internet of Things (IoT). Here are some of the mobile appsec trends and challenges that our experts anticipate we’ll see in 2020.
IDC estimates that by the end of 2019, organizations worldwide will have spent more than $1 trillion on digital transformation initiatives. But organizations struggle to develop apps fast enough to satisfy business demand and security often falls by the wayside. Learn how mobile DevSecOps can support digital transformation by enabling companies to swiftly develop apps without compromising security.