CHICAGO, Feb. 19, 2020—NowSecure, the leading mobile app security and privacy software company, announced today that it has launched the world’s first Interactive Security Testing (IAST) purpose-built for mobile apps. With this innovative new feature, NowSecure provides its customers with better and deeper visibility into mobile app risks, security vulnerabilities, privacy issues and compliance gaps, empowering them to stay secure in an accelerating mobile threat landscape.
IAST is the technique of instrumenting an application from the “inside-out” to collect security testing telemetry as the mobile application runs. It was first developed for the web in 2015 and NowSecure is the first company to apply IAST to mobile. By inserting instrumentation inside a mobile app and capturing data in real-time, companies can easily identify more security risks and address them faster in Agile and DevOps processes.
“NowSecure understands that customers want comprehensive security and privacy testing solutions that are easy use,” said Alan Snyder, CEO of NowSecure. “We have always been market leaders in mobile app security and will continue to deliver innovation and value to our customers.”
There are 4.5 million apps in the Apple AppStore™ and Google Play™ and an estimated 25 million private internally developed mobile apps used by organizationes and agencies. In 2019, there were 204 billion worldwide app downloads. The ComScore Global State of Mobile Report shows that 63 percent of all digital time is now spent on mobile apps.
As the use of mobile apps has exploded, so have mobile app security vulnerabilities and privacy issues. It’s now more important than ever that companies are proactive about preventing mobile app breaches and reducing risks. The NowSecure IAST capability provides deeper inspection into mobile app risks, security vulnerabilities and compliance gaps, with near zero false positives. It enables app owners and users to properly test mobile apps to protect their data, employees, customers, and users.
The NowSecure Platform uniquely combines SAST (Static Application Security Testing) with DAST (Dynamic Application Security Testing) and IAST to create a comprehensive approach that delivers the most robust, fully automated security and privacy analysis available. DAST provides instrumentation hooks at the kernel level in the mobile OS on device to drive external attack scenarios and analyze app interactions with the device OS, network and backend APIs from the “outside-in.”
IAST injects instrumentation code into the mobile binary to hook key app APIs to inspect mobile app, data and control flows from the “inside-out” as dynamic analysis runs. With SAST, the instrumentation tests mobile app binaries built in any language/framework/tool while covering the entire app, including proprietary written code, 3rd party libraries, frameworks, configuration and permissions.
“We think of it like a race car,” said Snyder. “If SAST is walking around and looking at the car and DAST is driving the car around the track to feel how it handles, then IAST is using sensors to collect data on how the car is actually performing under the hood. Like instrumentation in a modern race car, our IAST innovations deliver a plethora of security, privacy and data telemetry that enables much better understanding of mobile app performance and risk.”
NowSecure provides the best of all three worlds – SAST/DAST/IAST – and is the only vendor to deliver IAST for testing mobile apps. This IAST innovation comes from the NowSecure world-renowned expert security research team, including the creators or FRIDA and RADARE advanced open source security testing tools. NowSecure has twice been named a Market Leader by IDC in the MAST MarketScape.
For more information, please visit:
As the recognized experts in mobile security and privacy, NowSecure protects the global mobile app economy and safeguards the data of millions of mobile app users. Built on a foundation of standards, NowSecure empowers the world’s most demanding organizations with security automation to release and monetize 30% faster, reduce testing and delivery costs by 30% and reduce appsec risk by 40%. Only NowSecure offers a full solution suite of continuous security testing for DevSecOps, mobile app supply-chain monitoring, expert mobile pen testing as a Service (PTaaS) and training courseware. NowSecure actively contributes and supports the mobile security open-source community, standards and certification including OWASP MASVS, ADA MASA, NIAP and is recognized by IDC, Gartner, Deloitte Fast 500, and TAG Cyber.