Chicago, IL September 22, 2020 — NowSecure, the leading mobile app security and privacy software company, announced today at the virtual DevOps World by Cloudbees 2020 conference that it has added API Security Testing to its comprehensive portfolio of mobile testing solutions. The new capabilities enable mobile app development and security teams to dynamically discover mobile-connected API risks and vulnerabilities to address them quickly before software release.
Although the evolution of API architectures has driven innovation and speed, it has also opened a new high-risk attack vector to all organizations and associated apps that use APIs. Application developers rely on APIs to connect apps to back-end resources and provide functionality necessary to complete key tasks. If not properly architected, secured and tested, both official APIs and unapproved shadow APIs leave an organization vulnerable to attacks. Aware of these risks, the industry standards group OWASP in late 2019 released the OWASP API Top 10 to guide organizations through proper API security testing. As an early OWASP member and active supporter of the OWASP Mobile Project, NowSecure recognizes the importance of using OWASP standards to address API security risk.
“Over the past decade we have evolved our security testing capabilities to meet the needs of changing mobile architectures, mobile operating systems and industry tool preferences,” said NowSecure CEO Alan Snyder. “Adding API Security Testing and aligning with industry standards such as OWASP makes it easy for our customers to protect their mobile apps and APIs and ensure that there is an objective measure of acceptable risk. We’re pleased to announce these new capabilities at DevOps World 2020 with our friends CloudBees.”
NowSecure API Security Testing taps the NowSecure advanced dynamic test engine to discover and generate a list of all mobile-connected APIs; warn of any mobile-connected APIs that may violate OWASP API Top 10 and recommend further action; and help users identify unapproved “shadow APIs” that put their businesses at risk.
“DevOps World 2020 brings together leading experts from across the DevOps ecosystem to discuss the most important issues transforming software delivery today,” said Shawn Ahmed, senior vice-president and general manager, Software Delivery Automation, CloudBees. “One of those important issues is DevSecOps —it is top of mind for DevOps teams today. NowSecure is speaking to this very topic on DevSecOps for mobile at DevOps World. We are pleased they have chosen DevOps World to also announce their new API security testing capabilities, extending NowSecure’s mobile testing capabilities to meet the needs of mobile app development and security teams.”
NowSecure API Security Testing is available across the NowSecure suite of mobile app security and mobile risk management solutions including NowSecure Platform for fully automated security testing, NowSecure Workstation for analyst-driven security testing, NowSecure Training Services for developer and security analyst skills advancement, NowSecure Pen Testing Services for expert certification, and NowSecure Services and Support.
NowSecure Platform and NowSecure Workstation identify the broadest array of mobile app and API security threats, compliance gaps, and privacy risks with thousands automated static, dynamic, interactive and now API security tests built on industry standards (eg. OWASP, NIAP) and 10 years experience pen testing tens of thousands of mobile apps. Detailed assessments speed resolution with hyper accurate findings and diagnostic recommendations with code examples.
- NowSecure Platform is our easy-to-use, fully automated cloud-based portal purpose-built for mobile Agile and DevSecOps teams to drive faster, high-quality releases. NowSecure Platform enables distributed teams to test on demand or integrated into the mobile app software development lifecycle (SDLC) including Cloudbees, Jenkins, Jira, and numerous other tools in SDLC toolchain. NowSecure Platform automatically delivers a full assessment in less than 30 minutes after a mobile app build for fast feedback loops demanded by modern DevSecOps at scale.
- NowSecure Workstation is our on-premises, all-in-one toolkit purpose-built to scale mobile app security team productivity, combining a preconfigured laptop with mobile security testing software and mobile devices. NowSecure Workstation gives analysts full control to conduct wizard-driven and step-by-step interactive testing, including deep complex scenarios like inspecting device memory or packet data, or interactively testing multi-factor authentication, CAPTCHA, mobile IoT, and USB/Bluetooth connected equipment. NowSecure Workstation collapses a two-week manual pen test into a few hours.
Learn more about the new NowSecure API Security Testing capabilities here.
NowSecure is the mobile app security and privacy software company trusted by hundreds of the world’s most demanding organizations and most advanced security teams. From mobile-powered digital transformation to mobile-first innovators, NowSecure protects millions of mobile app users across banking, insurance, high tech, IOT, retail, hospitality, transportation, energy and government sectors. NowSecure ensures confidence that your organization is protecting your mobile app users, customers, partners and employees.
Only NowSecure delivers fully automated mobile app security, API security and privacy testing software and services with speed, accuracy, and efficiency for enterprise-wide risk management, Agile and DevSecOps programs. Through automated continuous SAST/DAST/IAST/API Security Testing on real Android and iOS devices, NowSecure identifies the broadest array of security threats, compliance gaps and privacy risks. With more than a decade of mobile security expertise, NowSecure is SOC2 certified and was twice recognized as the worldwide leader in 2019 IDC MarketScape reports for Mobile Application Security Testing and named a DevSecOps Transformational leader by Gartner in 2020.