Chicago, IL September 22, 2020 — NowSecure, the leading nowsecuremobile app security and privacy software company, announced today at the virtual DevOps World by Cloudbees 2020 conference that it has added API Security Testing to its comprehensive portfolio of mobile testing solutions. The new capabilities enable mobile app development and security teams to dynamically discover mobile-connected API risks and vulnerabilities to address them quickly before software release.
Although the evolution of API architectures has driven innovation and speed, it has also opened a new high-risk attack vector to all organizations and associated apps that use APIs. Application developers rely on APIs to connect apps to back-end resources and provide functionality necessary to complete key tasks. If not properly architected, secured and tested, both official APIs and unapproved shadow APIs leave an organization vulnerable to attacks. Aware of these risks, the industry standards group OWASP in late 2019 released the OWASP API Top 10 to guide organizations through proper API security testing. As an early OWASP member and active supporter of the OWASP Mobile Project, NowSecure recognizes the importance of using OWASP standards to address API security risk.
“Over the past decade we have evolved our security testing capabilities to meet the needs of changing mobile architectures, mobile operating systems and industry tool preferences,” said NowSecure CEO Alan Snyder. “Adding API Security Testing and aligning with industry standards such as OWASP makes it easy for our customers to protect their mobile apps and APIs and ensure that there is an objective measure of acceptable risk. We’re pleased to announce these new capabilities at DevOps World 2020 with our friends CloudBees.”
NowSecure API Security Testing taps the NowSecure advanced dynamic test engine to discover and generate a list of all mobile-connected APIs; warn of any mobile-connected APIs that may violate OWASP API Top 10 and recommend further action; and help users identify unapproved “shadow APIs” that put their organizationes at risk.
“DevOps World 2020 brings together leading experts from across the DevOps ecosystem to discuss the most important issues transforming software delivery today,” said Shawn Ahmed, senior vice-president and general manager, Software Delivery Automation, CloudBees. “One of those important issues is DevSecOps —it is top of mind for DevOps teams today. NowSecure is speaking to this very topic on DevSecOps for mobile at DevOps World. We are pleased they have chosen DevOps World to also announce their new API security testing capabilities, extending the NowSecure mobile testing capabilities to meet the needs of mobile app development and security teams.”
NowSecure API Security Testing is available across the NowSecure suite of mobile app security and mobile risk management solutions including NowSecure Platform for fully automated security testing, NowSecure Workstation for analyst-driven security testing, NowSecure Training Services for developer and security analyst skills advancement, NowSecure Pen Testing Services for expert certification, and NowSecure Services and Support.
NowSecure Platform and NowSecure Workstation identify the broadest array of mobile app and API security threats, compliance gaps, and privacy risks with thousands automated static, dynamic, interactive and now API security tests built on industry standards (eg. OWASP, NIAP) and 10 years experience pen testing tens of thousands of mobile apps. Detailed assessments speed resolution with hyper accurate findings and diagnostic recommendations with code examples.
- NowSecure Platform is our easy-to-use, fully automated cloud-based portal purpose-built for mobile Agile and DevSecOps teams to drive faster, high-quality releases. NowSecure Platform enables distributed teams to test on demand or integrated into the mobile app software development lifecycle (SDLC) including Cloudbees, Jenkins, Jira, and numerous other tools in SDLC toolchain. NowSecure Platform automatically delivers a full assessment in less than 30 minutes after a mobile app build for fast feedback loops demanded by modern DevSecOps at scale.
- NowSecure Workstation is our on-premises, all-in-one toolkit purpose-built to scale mobile app security team productivity, combining a preconfigured laptop with mobile security testing software and mobile devices. NowSecure Workstation gives analysts full control to conduct wizard-driven and step-by-step interactive testing, including deep complex scenarios like inspecting device memory or packet data, or interactively testing multi-factor authentication, CAPTCHA, mobile IoT, and USB/Bluetooth connected equipment. NowSecure Workstation collapses a two-week manual pen test into a few hours.
Learn more about the new NowSecure API Security Testing capabilities here.
As recognized experts in mobile security and privacy, NowSecure protects the global mobile app economy and safeguards the data of millions of mobile app users. Built on a foundation of standards, NowSecure empowers the world’s most demanding organizations with security automation to release and monetize 30% faster, reduce testing and delivery costs by 30% and reduce appsec risk by 40%. Only NowSecure offers a full solution suite of continuous security testing for DevSecOps, mobile app supply-chain monitoring, expert mobile pen testing as a Service (PTaaS), and training courseware. NowSecure actively contributes and supports the mobile security open-source community, standards and certification including OWASP MASVS, ADA MASA, and NIAP, and is recognized by IDC, Gartner, Deloitte Fast 500, and TAG Cyber.