NowSecure Connect — THE mobile AppSec + AppDev community online event — returns with new content and the latest training. Join the world’s brightest innovators, practitioners, community leaders, and industry influencers LIVE online for in-depth training, discussions, strategy sessions, CTF and more. Gain access to keynotes, exclusive breakouts, expert panels, on-demand sessions, plus an interactive peer-to-peer community. #NSConnect22 is your source for cutting-edge mobile AppDev, mobile AppSec and mobile DevSecOps insight. Register your crew today!

magnifying glass icon

NowSecure Announces World’s First Automated ‘Jailed’ Device Mobile AppSec Testing on Apple iOS for Day 1 Testing on Latest Mobile OS Releases

New NowSecure Gadget™ technology auto-injects into the iOS mobile app binary to rapidly and thoroughly test mobile app security, compliance and privacy from the inside of the app running on latest iOS releases

Contact: Hannah LaCorte

Tel: (202) 240-7611

Email: [email protected]

For Immediate Release

April 11, 2018 - 6:59 am

NowSecure®, the only provider of fully automated 360-degree coverage of mobile app security testing, today announced the expansion of the NowSecure Platform™ with automated ‘Jailed’ Mobile AppSec Testing for Apple iOS through the new NowSecure Gadget technology. Under pressure to build, test and release more mobile apps with new features faster, NowSecure helps Agile and DevOps mobile teams accelerate their testing of latest functionality on latest mobile iOS releases with zero friction for development.

The groundbreaking automated NowSecure Gadget™ innovation removes traditional barriers and delays for dynamic and behavioral appsec testing on latest iOS versions, enabling appsec teams to test immediately when any new iOS version is released with no need to wait for SAST/DAST tool updates to new/updated iOS code frameworks or new OS ‘jailbreak’ to run dynamic testing, and no extra manual coding with proprietary SDKs required. The NowSecure Gadget auto-injects into the mobile app binary just like a debug tool, instrumenting the app from the inside while the NowSecure Platform tests the app from the outside using the unique NowSecure ‘Attacker POV’ for comprehensive risk analysis across security vulnerabilities, compliance gaps and privacy risks.

“With mobile being the dominant computing platform for organization and moving at an accelerating rate, our customers need simplicity, speed and depth in mobile appsec testing,” said Alan Snyder, CEO NowSecure. “This is a huge leap forward for mobile app security testing. The ability to go deep, go fast and test on any iOS version — with no developer impact — is just what our customers have been requesting.”

With this release, NowSecure delivers the industry’s first and only Interactive App Security Testing (IAST) purpose-built for mobile apps, expanding the NowSecure best-of-breed mobile binary testing across Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Behavioral Application Security Testing (BAST) for the fastest, broadest and deepest coverage of automated mobile app security testing with near zero false positives. “Gartner predicts that by 2019, enterprise IAST adoption will exceed 30%.”

Unlike legacy IAST solutions for web apps that require SDKs, side loaded runtime apps and/or developer action, NowSecure Gadget is auto-injected at test time and leaves no residual code once testing is completed. To address the typical app owner and developer concerns about legacy IAST, the NowSecure auto-inject/auto-remove approach has zero impact on runtime performance or user experience. The NowSecure Gadget runs fully automated on any new version of iOS to test mobile apps developed in any development language with no ‘jailbreak’ and no developer coding dependencies.

“The new NowSecure Jailed Testing approach is significantly better than existing SAST source code scanning on mobile that some consider ‘state of the art’,” continued Snyder. “While SAST solutions for mobile only scan the surface of the app — generating a ton of false positive noise — and do not actually test the app while running, the NowSecure Platform is purpose-built for mobile and actually runs the app binary on live mobile devices to fully exercise and deeply test the app in the real world. Through our unique approach, NowSecure finds a myriad of issues that SAST cannot, such as data leakage, insecure 3rd party library/OSS, exposure to man-in-the-middle attacks like SSL and Cert issues, all endpoint IP address communications and more. NowSecure Jailed Testing for IAST is the simple, easy-to-use dynamic testing that everyone has been waiting for.”

The new NowSecure Jailed Testing for iOS capability in the NowSecure Workstation product is available for demonstration RSA 2018 and will be generally available in May 2018. NowSecure Gadget technology for Jailed Testing will be added to the other NowSecure products later this year. This new capability delivers substantial unique customer value:

  • Day 1 testing of mobile apps on new iOS releases without months of delay while testing tools are updated to support new OS
  • ‘Zero friction’ adoption with no coding for developers
  • ‘No load’ with no production runtime performance degradation and no impact on user experience
  • Broadest and deepest coverage by testing the mobile app from the inside

On display at RSA 2018, see the new NowSecure Jailed Testing for iOS and the amazing NowSecure Gadget technology in action at RSA booth 3229 or click here to register for your private demo and briefing.

About NowSecure

As the standards-based mobile app security and privacy company, NowSecure protects the Mobile App Economy. The world’s most demanding organizations, innovative mobile developers and advanced security teams entrust NowSecure to safeguard millions of mobile app users across banking, insurance, high tech, IoT, retail, hospitality, energy and government sectors. Only NowSecure delivers the full solution suite of continuous security testing for DevSecOps, mobile app supply-chain monitoring, expert mobile pen testing and training courseware with the depth, speed, accuracy, and efficiency to meet modern organization demands. Dedicated to the open-source community and standards including OWASP, ioXt and NIAP, NowSecure is SOC 2 certified and recognized by IDC, Gartner, Deloitte Fast 500, and TAG Cyber.

Posted by
Brian Reed NowSecure CMO

Brian Reed

As NowSecure Chief Mobility Officer, Brian Reed brings decades of experience in mobile, apps, security, dev and operations management including NowSecure, Good Technology, BlackBerry, ZeroFOX, BoxTone, MicroFocus and INTERSOLV working with Fortune 2000 global customers, mobile trailblazers and government agencies. At NowSecure, Brian drives the overall go-to-market strategy, solutions portfolio, marketing programs and industry ecosystem. With more than 25 years building innovative products and transforming organizations, Brian has a proven track record in early and mid-stage companies across multiple technology markets and regions. As a noted speaker and thought leader, Brian is a dynamic speaker and compelling storyteller who brings unique insights and global experience. Brian is a graduate of Duke University.