The depth and scope of NowSecure Platform testing gives customers assurance that their mobile AppSec programs meet the highest industry standard.

Media Announcement
magnifying glass icon

NowSecure Announces Support for OWASP MASVS v2 to Empower Standards-Based Testing

Contact: NowSecure

Tel: (202) 240-7611

Email: [email protected]

For Immediate Release

February 15, 2023 - 4:00 am

NowSecure automated continuous testing, expert pen testing and training updated to enable organizations to take full advantage of the latest OWASP MASVS for mobile app compliance

Dublin, Ireland – February 15, 2023 — NowSecure, the expert in standards-based mobile app security and privacy, today announced its partnership with OWASP, the community of experts in application testing standards, to deliver industry-first support for OWASP MASVS v2. Mobile AppSec teams depend on the community-driven OWASP Mobile Application Security Verification Standard (MASVS) and Mobile Application Security Testing Guide (MASTG) to craft policies for architecting, building and testing mobile apps securely. By leveraging these standards in the DevSecOps pipeline, organizations can align developer and security stakeholders to deliver more predictable, consistent and secure mobile apps faster, reducing cost and risk. In line with the launch of the next iteration of OWASP MASVS and the OWASP Global AppSec event, NowSecure has updated its solutions to support the latest version of OWASP MASVS requirements so organizations can ensure their mobile app releases meet the latest industry standards.

Used by security researchers, architects and developers, the OWASP foundation is recognized as the definitive source for security standards. Since its inception, the OWASP Mobile Application Security (MAS) project, created and validated by industry experts and the broader AppSec community, has evolved the mobile app standards to bring consistency, interoperability and reliability. The OWASP MAS project combines four critical resources to provide the best risk reduction approach for mobile app teams – OWASP MASVS as a baseline of security requirements for mobile apps, OWASP MASTG to outline how to test the MASVS requirements, OWASP MAS Checklist to track security assessment tasks and OWASP MAS Crackmes as a collection of mobile reverse engineering challenges. The latest version of OWASP MASVS v2 brings instrumental updates, including: 

  • Streamlined language and wording of controls based on fundamental concepts throughout the standard to ensure it is accessible and understood by a wider audience
  • Standard compliance testing customizable to specific needs using individual risk profiles
  • An enhanced version of the OWASP standard in machine readable format is now enabled for full automation and can be tuned to feed into other tooling to enable broader and deeper levels of automated MASVS compliance verification.

“The OWASP MASVS and MASTG set the standard for mobile app security around the globe,” said Carlos Holguera, OWASP MAS co-project lead and NowSecure security researcher. “The MASVS was designed to guide developers and security analysts on architecture, threat modeling and proper techniques to secure mobile data for safer, more efficient mobile app releases. With the new OWASP MASVS and the upcoming MASTG refactor, we’re bringing a new dimension to MAS testing to bring more clarity, simplicity, and newer and deeper levels of MASVS compliance for a wider audience.”

With NowSecure OWASP MASVS-enabled solutions, mobile app developers, architects and security teams can more efficiently and effectively leverage the latest recognized industry security and privacy standards. The NowSecure suite includes:

  • NowSecure Platform offers automated policy-driven testing in the CI/CD pipeline and compliance reports mapped to the latest OWASP MASVS requirements; can be customized to fit the specific needs and risk profile of each mobile app. 
  • NowSecure Mobile Pen Testing as a Service (PTaaS) provides full coverage assessments, from threat modeling to MASTG testing, for all OWASP MASVS (L1, L2, L1+R, and L2+R) compliance requirements and expert remediation compliance support. 
  • NowSecure Academy offers access to over 60 hours of free, in-depth training on the OWASP MAS, MASVS and MASTG. 

Built on a foundation of more than 11,000 pen tests, 4 million+ automated mobile app assessments and more than a decade of mobile app security testing and innovation, only NowSecure is positioned to offer the right mix of solutions to ensure organizations can protect the sensitive data and security of their mobile app users and meet their compliance needs with OWASP MASVS. 

“The status quo for mobile app security does not protect organizations and consumers. Our analysis of millions of iOS and Android mobile apps find that 85% violate multiple OWASP MASVS requirements,” said NowSecure CEO Alan Snyder. “OWASP MASVS is the best objective measure of mobile app security and privacy in the world. It is the standard that all organizations should be using, as consumers demand assurance that they are protected. Today we’ve updated our solutions to help our customers achieve higher predictability, repeatability and efficiency in release cycles by leveraging the gold standard of OWASP MASVS.”

For over seven years, NowSecure has been a foundational contributor and supporter of the OWASP mobile project and broader community, with NowSecure practitioners actively leading the specification evolution and tooling effort. Dedicated to supporting the adoption of mobile app security standards and delivering products and services that leverage OWASP specifications, NowSecure is the first and only recognized OWASP MAS Advocate and serves as an OWASP ‘God Mode’ sponsor. As co-creators of the ADA MASA and ioXT specifications and certifications, NowSecure advocated for the use of the OWASP MASVS as a proven mature standard. Today, NowSecure serves as an ADA Authorized Lab. In collaboration with both OWASP and NIST, NowSecure helped build OWASP MASVS and MASTG into NIST Requirements for mobile app testing. Through sponsorship and frequent speaking engagements at OWASP global and regional events, NowSecure provides community learning to drive adoption and helps organizations get an inside look at upcoming developments.

Aligned with this launch, Sven Schleier and Carlos Holguera, OWASP mobile project co-leads, will introduce OWASP MASVS v2 during their talk at the OWASP Global AppSec Conference in Dublin on Feb. 16 at 4:30 p.m. GMT. Those interested in learning more about the NowSecure OWASP MASVS v2 supported product portfolio can register for a meeting with NowSecure at the Global AppSec event here.

NowSecure recently interviewed Carlos Holguera about the exciting developments the OWASP community can expect to see in 2023 in our latest blog post. NowSecure will also host a special upcoming Tech Talk on Feb. 21 at 2 p.m. ET where Carlos Holguera will speak in-depth about the OWASP MASVS v2 updates. Register now.

About NowSecure

As recognized experts in mobile security and privacy, NowSecure protects the global mobile app economy and safeguards the data of millions of mobile app users. Built on a foundation of standards, NowSecure empowers the world’s most demanding organizations with security automation to release and monetize 30% faster, reduce testing and delivery costs by 30% and reduce appsec risk by 40%. Only NowSecure offers a full solution suite of continuous security testing for DevSecOps, mobile app supply-chain monitoring, expert mobile pen testing as a Service (PTaaS), and training courseware. NowSecure actively contributes and supports the mobile security open-source community, standards and certification including OWASP MASVS, ADA MASA, and NIAP, and is recognized by IDC, Gartner, Deloitte Fast 500, and TAG Cyber.

Posted by

NowSecure Mobile Security Advocate