NOWSECURE UNVEILS FIRST AUTOMATED OWASP MASVS V2.1 MOBILE APP SECURITY AND NEW PRIVACY TESTING

NowSecure MARI is the industry’s first simple risk score based on millions of assessments that identifies third-party apps vulnerable to PII and IP exfiltration, supply-chain and MiTM attacks and sensitive data theft.

MARI Datasheet featured image 768X480
NowSecure Launches Mobile App Risk Intelligence Solution to Combat Threats to Customer and Employee Security, Safety and Privacy NowSecure Launches Mobile App Risk Intelligence Solution to Combat Threats to Customer and Employee Security, Safety and Privacy Show More
magnifying glass icon

NowSecure Platform

All-in-one solution for continuous automated mobile appsec for apps you build and use.

NowSecure Platform Screenshot
Get A Demo

Organizations are mobilizing faster and at greater scale than ever before. With 6 million mobile apps and growing across Google Play™ and the Apple App Store™ and millions more developed for internal use, mobile application security testing has never been more important. The Award Winning NowSecure Platform is here to help.

Mobile Apps Require Proven Security

30
%

improvement in release times

30
%

reduction in security vulnerabilities

+
4
M

automated mobile app assessments

+
8
M

automatically identified vulnerabilities

+
15

pre-built integrations into SDLC tools (plus open APIs)

Deliver Fast,
Stay Secure.

NowSecure Platform is built on more than a dozen years of experience in building advanced tools, mobile-first services and active support of open-source and industry standards projects like OWASP, ADA MASA, Frida and Radare. This includes delivering the industry’s first fully automated mobile app security platform, first expert pen testing services, first mobile PTaaS solution, first all-in-one workstation kit, first free online mobile appsec training courseware and the world’s first online mobile AppSec testing community, the NowSecure Mobileverse™. NowSecure Platform is the industry leading, award winning mobile appsec solution that can test any mobile app language or framework!

Automation and Integration

Continuously test mobile apps as you build them to keep pace with Agile and DevOps software development timelines integrated directly into tools development uses every day. This approach ensures a collaborative bridge across dev, security, GRC and mobile center of excellence (MCOE) teams.The NowSecure Command Line Interface (CLI) enables even more custom interactions and integrations into development workflows.

Comprehensive Testing

NowSecure Platform uniquely meets the needs and complex infrastructure of the modern mobile SDLC providing security and privacy testing solutions with automated static, dynamic, interactive and APISec analysis with high accuracy. Get a holistic view of your current mobile appsec program with the new Portfolio Health Dashboard, designed to show actionable analytics on the security risks.

Built By Mobile Experts

With one unified approach, test the mobile apps you build and use with tools built by the leading mobile experts. Frida, Radare, and support for the OWASP Mobile Project and ADA MASA all come from the world-class NowSecure research team.

Standards and Policy-Based Testing

Simply meet mobile standards and compliance requirements for NIST, FISMA, GDPR and NIAP among others or base testing on frameworks like the MITRE ATT&CK for Mobile, OWASP Mobile Security Testing Guide, ADA Mobile App Security Assessment (MASA), or a customized policy based on the risk profile and threat landscape.

It’s As Easy As 1-2-3

NowSecure Platform is incredibly easy to use through web interface, APIs or integrated directly into your dev pipeline tools and code repos to help you deliver secure mobile apps faster at scale.

The NowSecure Platform in Action

Get the security you need built into your mobile pipelines and code repos, with full depth of coverage with automation that is continuous, customizable, and accurate to deliver secure mobile apps on time, on budget. NowSecure customers value the approach to continuously meeting the unique needs and complex infrastructure of modern mobile SDLC programs, providing a mobile app security checklist and privacy solutions that are continuous, customizable, accurate, and keep pace.

Comprehensive Testing & Analysis

1. Dynamic Application Security Testing
2. Interactive Application Security Testing
3. Binary Static Application Security Testing
4. API Security Testing
5. Dynamic Software Bill of Material Generation
6. CVSS Security Scoring
7. Custom Policy Driven Approach
8. Compliance Checks
9. Findings Descriptions with descriptions, steps to reproduce and business impact
10.Embedded Developer Remediation with instructions and code samples
11.Just-in-time contextual training with relevant NowSecure Academy video courses
12.Actionable analytics across mobile apps with Portfolio Health Dashboard

Speed Deployment through Integrations

Integrate NowSecure using pre-built integrations, open APIs, and native CLI to power a secure development workflow within existing dev lifecycle processes. Reduce costs, complexity, and risk as NowSecure enables robust two-way integration throughout your pipelines:

Accelerate The Delivery Of Secure Mobile Apps

Standards-based approach enables predictability and alignment between architects, dev, ops, QA and security teams. Fast testing integrated directly into existing pipeline tools and code repos speeds action with no need to learn new tools, no interruption of existing workflows.  Highly accurate test results and embedded remediation instructions speeds remediation with no wasted time. Online training and ticket-based learning grows security skills for continuous improvement.Unified solution suite provides automated testing, manual testing, expert manual pen testing and compliance validation services all in one place.

Tune to Fit All Mobile AppSec Testing Programs

NowSecure Platform meets organization needs today and scales with your mobile app security testing program. For small teams just starting, combining NowSecure Platform with NowSecure Penetration Testing Services provides automated testing with periodic depth easily with a unified solution. Cultivating Security Champions? NowSecure Platform with NowSecure Academy provides the tooling and expertise needed for a security-minded developer or security professionals pivoting into mobile apps. Mobile app security testing teams with extensive processes can lean on NowSecure for the most robust portfolio of mobile appsec tools, training, integration, and expert support

Dial In Test Coverage to Your Risk Model

Because not all mobile apps are created equal, NowSecure Platform enables teams to tune testing coverage based on a tiered risk model based on risk profile, threat model, and budget of the team. Baseline runs fast all the time with defaults. Advanced enables configuration and testing of custom account information, PII and other sensitive data. Guided includes our expert security analysts navigating your mobile app to handle complex scenarios like MFA, CAPTCHA and shopping carts. Add Expert NowSecure Services Pen Testing for your highest risk mobile apps. All results in one common platform integrated into your workflows.

Seamless Integration In Your Enterprise Toolchain

NowSecure Platform fits directly into your mobile development process and tools, enabling dev, Ops, QA, security and all stakeholders to work within their existing toolsets and workflows.

Utilize GitHub Actions to Integrate with GitHub Advanced Security and Dependabot

GitHub Actions offer your team a direct integration into your code repo to automate the security in your mobile app build, test, and deployment pipeline. GitHub Advanced Security simplifies mobile app security testing directly inside GitHub workflows for developer-first security. The NowSecure GitHub Action for Mobile App Analysis offers the industry’s first automated dynamic mobile app security testing solution integrated into GitHub Advanced Security’s code scanning interface generating GitHub Issues with code samples and remediation guides. The NowSecure GitHub Action for Mobile SBOM supports Software Bill of Materials (SBOM) generation into GitHub Dependabot graph. Available in the GitHub marketplace, these two actions drive DevSecOps, speeding the identification and repair of security bugs while reduce the risk of outdated or insecure software dependencies. Watch the GitHub NowSecure Integration Video

Jenkins and JIRA: Go from Build to Bug in 15 Minutes or Less

Teams that utilize Jenkins and JIRA for mobile app building and ticketing can utilize Nowsecure Platform seamlessly. Customers can integrate security assessments from NowSecure via Jenkins into the dev lifecycle immediately post-build, with issues auto-fed into JIRA. The result is no manual intervention from security or development. NowSecure pinpoints real issues in minutes, with developer-fix details, and routes tickets automatically into ticketing systems and directly to the relevant team board. Continuous integration and bug-tracking tools already part of the DevOps technology stack improve code quality. With NowSecure integration, every time an app build is completed, an assessment is performed, app vulnerabilities are created and piped directly into any ticketing or issue tracking system dev teams use.

Simplify Mobile Supply Chain Risk Management with Automated Mobile App Vetting

NowSecure Platform can be used to monitor your internally built apps in production,  and offers valuable, timely security and privacy data on the third party mobile apps available in public app stores. Internal and third-party developed mobile apps present risk to organization and customers as they may capture and leak personally identifiable information, IP, geolocation or other sensitive data. This mobile app risk data can be integrated with MDM/EMM solutions for large scale enterprise-wide monitoring and whitelist/blacklist of BYOD and BYOA scenarios.

The NowSecure Suite Starts with Our Platform

Experts testing millions of mobile apps, contributing to standards and open source, and researching mobile app security. Visibility, efficiency, and risk control required to safely deliver mobile apps.

Speed Secure Mobile App Delivery

NowSecure Platform is fully automated and integrated and can be used continuously by development or security teams to test mobile apps and accelerate release schedules while reducing organizational security risks.

Combine Continuous Automated with Periodic Manual

NowSecure Platform provides continuous, integrated, automated mobile app security and privacy testing. Equip your security teams and executives with additional coverage and tools with NowSecure Pen Testing Services and NowSecure Workstation.

Shift Right and Protect the Supply Chain

The mobile app landscape includes many apps which could pose a security threat to your organization even if they are not apps you’ve built. Utilize NowSecure Platform to assess the mobile apps your teams use for security issues.

Shift Left and Train More

Training is a critical missing link in the development of secure mobile apps. NowSecure Academy is a free resource for all development and security professionals to take advantage of and learn secure coding and mobile app testing best practices.

Tickets include remediation suggestions from NowSecure which are very, very helpful.
Micha Katz Chief Information Security Officer, Yellow Card Case Study | Fintech
“It’s a huge workload lifted from my mobile security team.”
Mike McHugh Mobile Security Program Manager, Department of Justice
NowSecure continuously monitors the Habit Mastery app for security and privacy vulnerabilities and gives it a clean bill of health, providing our users with confidence that their data is secure while they build and maintain positive habits.”
Sharon Lipinski CEO and Founder
NowSecure Platform automates security testing throughout our DevSecOps pipeline from the build process all the way to issues ticketing.”
Dmytro Bezpalyi Security Engineer, Camelot Lottery Solutions
NowSecure has been a huge benefit because it saves a lot of time and gives us peace of mind knowing we have continuous testing coverage.”
Joe DiMarzio Senior Product Security Engineer
One of the best things about moving to NowSecure is not having to fan through a 110-page security audit to figure out what bugs and security issues you need to address.”
Eric Caron Senior Director of IT Solutions
We reached out to NowSecure and were pleased that they rapidly responded in 24 hours to test our mobile app so we could speed it to market from start to finish in just a few weeks.”
Vicki Seyfert-Margolis CEO
It’s a significant relief for the team when an independent third party like NowSecure tests the app and certifies that both the code and the DevOps side of our production implementation are secure.”
Avi Elkoni CTO
We rarely get things that are ready to go out of the box, but when we received the NowSecure solution, we were up and running the same day.”
Derrick Smith CEO, NSight365
Unless you have infinite time and money and can hire your own team of penetration testers, then NowSecure is an absolutely incredible solution for testing your mobile apps for security vulnerabilities.
IT security analyst, credit union
NowSecure Platform helps reassure our enterprise customers that we’re effectively managing risk.
Brandon Hall, Director of Engineering, EveryoneSocial

Get Continuous, Automated
Mobile Security Testing

See the NowSecure Platform in Action