The depth and scope of NowSecure Platform testing gives customers assurance that their mobile AppSec programs meet the highest industry standard.

Media Announcement
magnifying glass icon

NowSecure & the OWASP MAS Project

NowSecure has partnered closely with the OWASP community since the start of the OWASP Mobile Application Security (MAS) Project, with OWASP MAS Project co-leader Carlos Holguera on staff guiding the many contributors.

Get A Demo

Dedicated to supporting the creation of mobile app security standards and delivering products and services that leverage OWASP specifications, NowSecure is the first recognized OWASP MAS Advocate and OWASP God Mode sponsor.

Get Standards-Based Testing with NowSecure & OWASP

Mobile AppSec teams trust the OWASP MASVS and MASTG to craft policies for architecting, building and testing mobile apps securely based on their relevant risk profile. NowSecure automated security testing and pen testing assessments map to the OWASP MASVS to help dev and sec teams achieve compliance with their Mobile AppSec policies.

A Partnership of Experts

NowSecure has more than 12 years of mobile app security experience and has supported the OWASP MAS project since its inception, collaborating on spec evolution and tooling while serving as an OWASP “god mode” sponsor for the OWASP MASVS. OWASP has recognized the “significant and consistent resources” NowSecure has dedicated to advancing the OWASP MAS project by awarding the highest status that companies can achieve, “OWASP MAS Advocate”.

Automated OWASP MASVS Coverage with NowSecure Platform

NowSecure Platform provides coverage for OWASP MASVS with highly accurate automated assessments and results that map directly to compliance requirements. With more than 600+ security and privacy tests and a battery of SAST, DAST, IAST, and APISec in every assessment, plus embedded developer remediation resources like sample code and developer documentation, finding and fixing OWASP MASVS issues can be done rapidly in any DevSecOps pipeline. Security teams can also take advantage of a clear and concise OWASP MASVS Compliance Report to understand if their app meets the requirements. NowSecure also supports the OWASP CycloneDX standard and NowSecure Platform generates a CycloneDX formatted dynamic Software Bill of Materials (SBOM) with each mobile app assessment.

Mobile App Pen Testing for for OWASP MASVS

The consultative approach of NowSecure Pen Testing as a Service means that every engagement starts with a threat model leveraging OWASP MASVS. Our team of expert mobile app pen testers provide full coverage for OWASP MASVS L1, L2, L1+R, and L2+R. All pen tests also include remediation assistance and a free retest to ensure that the issues found have been fixed. NowSecure PTaaS options combine continuous automated security testing and expert pen testing using OWASP MASVS at a frequency tuned to your requirements.

Free OWASP MAS Training

NowSecure Academy offers free, on-demand training on the OWASP MAS, MASVS, and MASTG. By sponsoring and frequently speaking at OWASP Global and Regional events, NowSecure provides community learning to drive adoption and helps organizations get an inside look at upcoming developments. With Carlos Holguera, one of the OWASP MAS Project co-leads, as a part of the NowSecure research team, NowSecure can provide an insider’s perspective of the standard’s evolution.

Upskill all Stakeholders to Write Better Code Faster

Testing for All Standards

NowSecure supports standards-based testing for a large number of standards including OWASP MASVS. Leveraging the OWASP MASVS, NowSecure and experts helped craft the ADA MASA standard for Android apps. NowSecure is an ADA Authorized Lab and IoXt Authorized Lab providing industry certifications. By using the NowSecure Platform Policy Engine, customers can customize for their relevant requirements or choose compliance standards such as the OWASP MASVS.

The NowSecure Difference

NowSecure, the industry leader for mobile app security, is trusted by the industry to build standards with the OWASP community, Google, App Defense Alliance, ioXt, telecommunications industry and others. The most demanding organizations and security teams rely on the NowSecure suite of standards-based mobile app security testing solutions. By leveraging a common standards-based approach for development and testing, organizations align all stakeholders to achieve higher predictability, repeatability, and efficiency in release cycles while reducing risk.

Accelerate Release Cycles

By embracing standards like the OWASP MASVS, security and development teams have a common understanding of what requirements must be met for a production release. This alignment gives development the opportunity to identify which issues must be resolved, address them, and release more quickly while staying within the guidelines defined by the standard.

Improve Security Posture

Defining “done” for security is a consistent challenge for security teams regardless of the organization’s size or industry. Mature security programs have found that the most effective way to address this is with standards. By establishing a minimum bar standard based on risk and compliance requirements, security teams can be confident that their mobile app has passed critical security checks for every new release.

Measure and Prove Security Efforts

It is incredibly important today, and will continue to become even more important in the future, to prove to auditors, cyber risk teams, regulators and customers that a mobile app meets a minimum security standard. Doing so demonstrates that the company took reasonable care to define, test and remediate to a security standard. By utilizing the OWASP MASVS, organizations are trusting the mobile app security experts to define what must be tested for and fixed before release, and with standards-based testing from NowSecure, teams can easily test to the standard with automation in the development pipeline from NowSecure Platform or manually with NowSecure Pen Testing Services.

Testing Tailored to Your Compliance Requirements

The security efforts required for each mobile app is different, with the rigor scaling up and down depending on the mobile app. Standards-based testing enables organizations to build tiered risk models to define the appropriate level of effort for security testing and remediation based on the risk level of that mobile app. The NowSecure Platform Policy Engine gives dev and sec teams the ability to combine standards like the OWASP MASVS with customized CVSS scores and reprioritized findings to create their standard policies and apply them to different apps in their portfolio. Whether it’s removing some pieces of the policy or adding in pieces of other compliance requirements, dev and sec teams can tailor the results, reports and tickets generated by NowSecure Platform to help teams fix what is most critical first and give security teams more time to investigate issues that require a closer look.

Discover the Power of NowSecure & OWASP

Combine Automated Testing and Industry Standards