What should you expect for mobile appsec in 2021? NowSecure mobile application security experts make our top 8 predictions for the new year. Learn more and see how we can help reduce risk for your business.
NowSecure analyzed a mix of 75 Android and iOS holiday mobile apps for security and privacy risks. Overall, the results of our benchmark testing were disappointingly poor. Among the holiday apps we tested, 94% have security issues and 82% leak private data which indicates users should proceed with caution.
As a proud sponsor of the OWASP Mobile Security Project and the Global AppSec conference, NowSecure researchers helped develop and maintain the Radare2 Pay v1.0 Android crack-me app featured in the OWASP Mobile Security Testing Guide (MSTG). Intended to be similar to popular mobile payment applications, the Radare2 Pay app is difficult to crack. It features layers and layers of obfuscation and protection and anti-rooting technology in order to delay attacks.
Before joining the NowSecure research team this year, Grant Douglas worked as a mobile security consultant and has hundreds of mobile app pen tests under his belt. In this Q&A discussion, he shares insight about the differences between an attack and builder mindset, his favorite mobile appsec tools and technologies and his passion for CTF competitions.
NowSecure Mobile Security Researcher Dawn Isabel has been an avid contributor to bug bounties over the years and has earned many accolades. Before joining the expert research team at NowSecure, Isabel amassed well-rounded experience at IOActive, Hewlett Packard Enterprise, the University of Michigan and Ford Motor Company. We recently spoke with
Isabel about testing the security of iOS and Apple Watch apps, the bug bounty community, and the tools she uses most.
Recent enhancements to the Frida open-source dynamic instrumentation toolkit greatly ease the process of conducting jailed testing. You no longer have to manually package the Frida Gadget in your target app. As long as the app is debuggable, Frida does that for you. This post will walk you through the process of using Frida on a jailed device.