Latest version automates policy-driven security testing and dramatically expands mobile security assessment coverage for faster, higher-quality mobile app software delivery at lower cost.
CHICAGO – September 27, 2022 — NowSecure, the leading standards-based mobile app security and privacy software company, today launched the latest iteration of the NowSecure Platform with new, industry-first, autonomous capabilities for productivity and auditability: Policy Engine and Guided Testing. NowSecure Platform Policy Engine is a first-of-its-kind mobile AppSec testing solution that enables organizations to seamlessly deploy, automate and enforce customized security policies and controls against industry established standards. Security teams can now ensure AppSec standardized compliance, enabling developers to code and deploy faster by knowing the “security rules” in advance. In addition, NowSecure Platform Guided Testing provides a new, more advanced mobile app security assessment hybrid approach by pairing highly accurate automated testing with expert analyst guidance, offering a more cost-effective alternative to manual pen testing.
Mobile app developers and security teams face some of the most critical security risks to-date, as the NowSecure MobileRiskTracker™ found that over 85% of tested apps in the Apple App Store and Google Play have security vulnerabilities, and 70% actively leak private data. This largely stems from the ineffective and inefficient measures in building and testing mobile application security. To mitigate these risks, NowSecure Platform now delivers a new kind of security automation for faster, more efficient pipeline performance. NowSecure Platform Policy Engine provides mobile app security teams the ability to implement, automate and enforce standard policies customized to their specific security needs at scale. What was generally considered a convoluted, tedious process involving multiple tools and human interaction, is now simplified and integrated with this all-in-one affordable solution. With NowSecure Platform Policy Engine, organizations can create a customized policy that includes relevant compliance requirements, industry standards, customized Common Vulnerability Scoring System (CVSS) scores, and prioritized findings to make the results of all security assessments actionable, efficient and consistent. Policy Engine eliminates the time consuming task of tracking app security policies for different teams and risk levels in a spreadsheet and ends debates across dev and security teams on what security issues to fix and how to code securely.
“Organizations need to release faster, reduce costs and improve security; and the only way to do all three is through automation,” said NowSecure CEO Alan Snyder. “The status quo of static source code analysis from traditional web testing tools and manual periodic penetration testing is too expensive, wastes developer time and does not improve security. Today’s NowSecure Platform release delivers key innovations that make it significantly easier for customers to achieve their mobile business objectives efficiently through security automation.”
Key components of NowSecure Platform Policy Engine, which are available today on the NowSecure Platform, empower mobile app security and development teams to:
- Deploy a shared set of rules to get more consistent, predictable, and relevant results for both developer and security teams
- Create policies for different app risk categories and mobile teams across the organization
- Run repeatable vulnerability assessments autonomously with security-set policy controls to unleash developer speed with confidence of policy compliance
- Maintain auditability with policy versioning to correlate the assessment and policy used
- Improve efficiency by focusing dev and security teams on the narrow scope of what needs to be secured, eliminating noise of traditional generalized scanning methods
- Prove to auditors and regulators that the appropriate app security and privacy controls were applied to every app version before being promoted to production
With this update, NowSecure also introduced the NowSecure Platform Guided Testing capability, an industry-first hybrid security solution offering automated mobile application security assessment coupled with interactive expert analysis. As organizations are faced with tightening IT budgets and labor shortages in the wake of a potential economic downturn, Guided Testing provides a cost-effective solution utilizing security automation. Organizations can now bridge the gap between fully automated testing and expert-led, full-scope pen tests. Typically used for ensuring expanded coverage for high-risk and complex mobile apps, NowSecure Platform Guided Testing offers a depth of over 600 tests, including SAST, DAST, IAST and APISec with very high accuracy and a less than 1% customer-reported false positive rate. This combination of automated testing and expert analyst guidance allows for assessment of critical, most used workflows, multi-factor authentication and bypass of anti-automation blockers to test beyond authentication workflows. This hybrid security automation means that organizations can better adapt their mobile security testing to align with their associated risk profile, coverage and cadence requirements at a lower cost.
“NowSecure Platform Guided Testing strikes a perfect balance between automated and pen testing, that’s more cost-effective with better coverage,” said the Head of AppSec at a Fintech Mobile App Maker.
With this latest version, customers will also find an enhanced developer and security-friendly user experience. The NowSecure Platform interface is now optimized for faster task completion, streamlined load times and advanced filters to provide development and security teams with customized results tailored to their workload. The platform is now also available in Dark Mode for enhanced readability and ease of eye strain from screen time.
The latest update of the NowSecure Platform joins the industry’s only full suite of mobile app security solutions from NowSecure including NowSecure Workstation kit for pen tester productivity, NowSecure Supply Chain Risk Management, NowSecure Pen Testing Services, and NowSecure Academy training courseware for dev and security teams. Built on a foundation of standards and automation, NowSecure empowers organizations to deliver the most secure mobile apps faster and continuously monitor their mobile app supply chains for risk. Top mobile innovators trust NowSecure to safeguard their mobile apps including AT&T, Caribou Coffee, Chime, iRobot and Uber.
Learn more about all of the latest features of the NowSecure Platform in our blog post: NowSecure Platform Pumps Up Mobile DevSecOps Productivity & Cost Savings.
To see NowSecure Platform in action, learn more about the latest in mobile AppSec innovations from industry experts and share DevSecOps best practices, join us at NowSecure Connect22 virtual event on October 26, 2022 – register here.
As recognized experts in mobile security and privacy, NowSecure protects the global mobile app economy and safeguards the data of millions of mobile app users. Built on a foundation of standards, NowSecure empowers the world’s most demanding organizations with security automation to release and monetize 30% faster, reduce testing and delivery costs by 30% and reduce appsec risk by 40%. Only NowSecure offers a full solution suite of continuous security testing for DevSecOps, mobile app supply-chain monitoring, expert mobile pen testing as a Service (PTaaS), and training courseware. NowSecure actively contributes and supports the mobile security open-source community, standards and certification including OWASP MASVS, ADA MASA, and NIAP, and is recognized by IDC, Gartner, Deloitte Fast 500, and TAG Cyber.