NowSecure Unveils First Automated OWASP MASVS v2.1 Mobile App Security and New Privacy Testing
For Immediate Release
April 30, 2024 - 12:30 pm
The depth and scope of NowSecure Platform testing gives customers assurance that their mobile AppSec programs meet the highest industry standard.
CHICAGO – April 30, 2024 — NowSecure, the leader in mobile security and privacy testing, today raised the level of protection available to safeguard enterprise mobile app portfolios with the industry’s first automated solution for the OWASP Mobile Application Security Verification Standard (MASVS) version 2.1. Available from within NowSecure Platform, the solution lets customers comprehensively test to the MASVS v2.1 industry standard, easily demonstrating to stakeholders that their mobile apps uphold the highest levels of security and user privacy.
The OWASP MASVS v2.1 serves as the global standard for mobile application security and defines a set of requirements and best practices for secure mobile app development. It includes a new category supported by the NowSecure Platform, MASVS-PRIVACY. These controls provide mobile app development and security teams with much-needed visibility into the privacy implications of their mobile apps to meet app store requirements and meet the challenge of the intensifying scrutiny of the U.S. Federal Trade Commission (FTC).
“With the new privacy category, we’re now able to address cases not covered by traditional security testing,” said Carlos Holguera, OWASP MAS project lead and senior mobile security research engineer for NowSecure. “The support inside NowSecure Platform is critical for our customers.”
While data security focuses on protecting data from unauthorized access, privacy focuses on the rights of users regarding data collection, processing, storage and sharing. For example, imagine that an app transmits encrypted data securely, but that data contains highly sensitive personal information that’s sent to outside parties without user consent. The new privacy controls ensure this and other privacy failures are prevented, Holguera explained.
The new OWASP MASVS v2.1 controls featured in NowSecure Platform include:
- MASVS-PRIVACY-1: Minimizes access to sensitive data and resources
- MASVS-PRIVACY-2: Prevents user identification
- MASVS-PRIVACY-3: Ensures/promotes transparency in data collection and usage
- MASVS-PRIVACY-4: Provides user control over personal data
As an OWASP MAS Advocate and industry leader, NowSecure has extensively contributed to the OWASP Mobile Application Security Project (MAS) and championed creation of OWASP MASVS-PRIVACY. “This new category is the result of extensive expert-driven research across the industry. It aligns with, and goes beyond, the shift toward protecting user privacy started by Apple and Google,” said Holguera.
Security and privacy go hand in hand in the new OWASP MASVS findings and report in NowSecure Platform. The platform and the NowSecure OWASP MASVS Pen Testing Service leverage best-in-class test automation and expertise to ensure that your app remains fully compliant across all eight MASVS domains:
- MASVS-STORAGE
- MASVS-CRYPTO
- MASVS-AUTH
- MASVS-NETWORK
- MASVS-PLATFORM
- MASVS-CODE
- MASVS-RESILIENCE
- MASVS-PRIVACY
NowSecure recently published a benchmark report revealing 95% of mobile apps fail to meet the OWASP MASVS v1.0 standard and released a guide on common secure coding mistakes, helping developers bridge the gap and enhance their security practices.
The NowSecure Platform OWASP MASVS report delivers a concise view of passed and unmet requirements and indicates if a requirement needs manual review. Mobile app security, development and GRC teams can consult the report to quickly identify areas of improvement for their mobile app testing programs. Once the app meets the MASVS v2.1 requirements, NowSecure Platform can also generate a letter of attestation to demonstrate that the app is secure and respects user privacy.
The new OWASP MASVS report will be available to NowSecure Platform customers, allowing them to incorporate the latest advancements in mobile app security and privacy testing within their development workflows. To experience NowSecure Platform and benchmark your mobile apps against the OWASP MASVS, request a demo today.
About NowSecure
Mobile apps define an enterprise’s digital presence and drive engagement with both employees and customers. However, the rapid pace of mobile innovation introduces security, safety and privacy risks that traditional risk management technologies often miss. By partnering with NowSecure to build a Mobile Applications Risk Management (MARM) program, organizations are better protected against the risks that plague the largely insecure mobile app ecosystem. NowSecure provides policy-driven progressive testing tailored to risk tiers, combining automated continuous assessments with expert Pen Testing as a Service (PTaaS) to pinpoint and remediate security, safety, and privacy issues. This approach shrinks the mobile app attack surface and accelerates app releases. Built on a foundation of industry standards by mobile security experts, NowSecure safeguards many of the world’s leading brands and their employees, partners and customers.