NowSecure®, the only provider of fully automated 360-degree coverage of mobile app security testing, today announced the expansion of the NowSecure Platform™ with automated ‘Jailed’ Mobile AppSec Testing for Apple iOS through the new NowSecure Gadget technology. Under pressure to build, test and release more mobile apps with new features faster, NowSecure helps Agile and DevOps mobile teams accelerate their testing of latest functionality on latest mobile iOS releases with zero friction for development.
The groundbreaking automated NowSecure Gadget™ innovation removes traditional barriers and delays for dynamic and behavioral appsec testing on latest iOS versions, enabling appsec teams to test immediately when any new iOS version is released with no need to wait for SAST/DAST tool updates to new/updated iOS code frameworks or new OS ‘jailbreak’ to run dynamic testing, and no extra manual coding with proprietary SDKs required. The NowSecure Gadget auto-injects into the mobile app binary just like a debug tool, instrumenting the app from the inside while the NowSecure Platform tests the app from the outside using the unique NowSecure ‘Attacker POV’ for comprehensive risk analysis across security vulnerabilities, compliance gaps and privacy risks.
“With mobile being the dominant computing platform for business and moving at an accelerating rate, our customers need simplicity, speed and depth in mobile appsec testing,” said Alan Snyder, CEO NowSecure. “This is a huge leap forward for mobile app security testing. The ability to go deep, go fast and test on any iOS version — with no developer impact — is just what our customers have been requesting.”
With this release, NowSecure delivers the industry’s first and only Interactive App Security Testing (IAST) purpose-built for mobile apps, expanding the NowSecure best-of-breed mobile binary testing across Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Behavioral Application Security Testing (BAST) for the fastest, broadest and deepest coverage of automated mobile app security testing with near zero false positives. “Gartner predicts that by 2019, enterprise IAST adoption will exceed 30%.”
Unlike legacy IAST solutions for web apps that require SDKs, side loaded runtime apps and/or developer action, NowSecure Gadget is auto-injected at test time and leaves no residual code once testing is completed. To address the typical app owner and developer concerns about legacy IAST, the NowSecure auto-inject/auto-remove approach has zero impact on runtime performance or user experience. The NowSecure Gadget runs fully automated on any new version of iOS to test mobile apps developed in any development language with no ‘jailbreak’ and no developer coding dependencies.
“The new NowSecure Jailed Testing approach is significantly better than existing SAST source code scanning on mobile that some consider ‘state of the art’,” continued Snyder. “While SAST solutions for mobile only scan the surface of the app — generating a ton of false positive noise — and do not actually test the app while running, the NowSecure Platform is purpose-built for mobile and actually runs the app binary on live mobile devices to fully exercise and deeply test the app in the real world. Through our unique approach, NowSecure finds a myriad of issues that SAST cannot, such as data leakage, insecure 3rd party library/OSS, exposure to man-in-the-middle attacks like SSL and Cert issues, all endpoint IP address communications and more. NowSecure Jailed Testing for IAST is the simple, easy-to-use dynamic testing that everyone has been waiting for.”
The new NowSecure Jailed Testing for iOS capability in the NowSecure Workstation product is available for demonstration RSA 2018 and will be generally available in May 2018. NowSecure Gadget technology for Jailed Testing will be added to the other NowSecure products later this year. This new capability delivers substantial unique customer value:
- Day 1 testing of mobile apps on new iOS releases without months of delay while testing tools are updated to support new OS
- ‘Zero friction’ adoption with no coding for developers
- ‘No load’ with no production runtime performance degradation and no impact on user experience
- Broadest and deepest coverage by testing the mobile app from the inside
On display at RSA 2018, see the new NowSecure Jailed Testing for iOS and the amazing NowSecure Gadget technology in action at RSA booth 3229 or click here to register for your private demo and briefing.
As the standards-based mobile app security and privacy company, NowSecure protects the Mobile App Economy. The world’s most demanding organizations, innovative mobile developers and advanced security teams entrust NowSecure to safeguard millions of mobile app users across banking, insurance, high tech, IoT, retail, hospitality, energy and government sectors. Only NowSecure delivers the full solution suite of continuous security testing for DevSecOps, mobile app supply-chain monitoring, expert mobile pen testing and training courseware with the depth, speed, accuracy, and efficiency to meet modern business demands. Dedicated to the open-source community and standards including OWASP, ioXt and NIAP, NowSecure is SOC 2 certified and recognized by IDC, Gartner, Deloitte Fast 500, and TAG Cyber. www.nowsecure.com