Vetting mobile apps for corporate use: Security essentials
Mobile devices and apps make employees more productive, but deploying leaky or vulnerable apps increases enterprise risk. What does a sensible approach to approving and denying Android and iOS apps for use by staff look like? It starts with accurate, up-to-date security assessment data. Join NowSecure VP of Customer Success and Services Katie Strzempka for a webinar explaining how to take a data-driven approach to evaluating mobile apps for use at your organization.
Join us for this 30-minute webinar and learn:
-- What vulnerability data is integral to making informed app vetting decisions
-- How to approach threat modeling for third-party and custom mobile apps
-- Creating a rubric for evaluating mobile apps for corporate use
RecordedJul 18 201740 mins
Your place is confirmed, we'll send you email reminders
Brian Lawrence, Solutions Engineering Manager // Brian Reed, Chief Mobility Officer
There are more than 4.5 million apps and counting in the Apple® App Store® and Google Play™, many of which release weekly or even daily. Success in continuous delivery calls for removing friction from the pipeline. However, mobile app DevSecOps teams must contend with several security and privacy challenges.
Join us for insight and best practices for achieving the DevSecOps goal of continuous security. You’ll learn:
+The most common security and privacy issues found in mobile apps
+How to partner with mobile app security, risk and compliance teams
+Approaches for automating security in the CI/CD pipeline.
Tony Ramirez, Mobile Security Analyst / Brian Reed, Chief Mobility Officer
Are you ready for Android Q and iOS 13? Apple and Google’s forthcoming mobile operating systems boast a bevy of privacy features that enable users to seize more control of their personal data.
NowSecure Mobile Security Analyst Tony Ramirez will share a deep dive into Android and iOS application security and privacy enhancements and what they mean for mobile DevSecOps teams. Join us to learn about:
+ Increased transparency and granularity over location tracking
+ New protections for sensitive information
+ Safer data exchanges in Android Q through TLS 1.3 encryption
Brian Reed, Chief Mobility Officer, NowSecure // Alan Snyder, Chief Executive Officer, NowSecure
It’s hard to believe that mobile app stores are more than a decade old yet some crazy misconceptions about mobile application security still linger.
Stop us if you’ve heard these before:
- Testing mobile apps is the same as web apps
- SAST is good enough for mobile, you don’t need DAST
- Mobile apps are secure because Apple and Google security test them
- Outsourcing a penetration test once per year is sufficient to mitigate risk
Join us to sort fact from fiction and learn how to ensure your mobile appsec program is on the right track. You may discover some surprising things about modern mobile application security.
Learn how to use the OWASP Mobile Security Project to prioritize risk and testing requirements across your entire mobile app portfolio - the apps you produce, as well as the apps you and your employees consume. In this session, we'll cover:
+ OWASP Mobile App Security Verification Standards
+ How to determine which level of verification your app needs
+ How to respond when the app doesn't meet the standard security baseline
Brian Lawrence, Solutions Engineering Manager // Brian Reed, Chief Mobility Officer, NowSecure
Are you seeking to accelerate the delivery of secure mobile apps? DevSecOps is all about letting tools do the work for you.
Many DevSecOps shops plug mobile appsec testing directly into the CI/CD toolchain to find and fix vulnerabilities faster. Automate the workflows and tune the testing to meet your needs. Empower devs with nearly zero false positives and remediation details. Break the build when necessary and release apps faster when you don’t.
Whether you focus on security or development, join this webinar to see how the NowSecure platform integrates with your ecosystem of DevOps tools such as:
+ CI/CD (CircleCI, CloudBees Jenkins, etc)
+ Issue tracking (GitHub, Jira, etc)
+ Vuln management (Brinqa, Code Dx, etc.)
Sergi "Pancake" Alvarez, Senior Mobile Security Research Engineer, NowSecure // Brian Reed, Chief Mobility Officer, NowSecure
Hear Radare creator Sergi (Pancake) Alvarez conduct a deep dive of r2frida, a framework that combines the best of Frida and Radare. Frida and Radare are leading open-source reverse engineering tools sponsored by NowSecure. Targeting intermediate to advanced users and security analysts, this overview will highlight the r2frida plug-in architecture.
Join this webinar to learn:
+ What dynamic and static techniques the individual tools provide to assist security analysts with reverse engineering;
+ Why r2frida’s plugin architecture eases the task of performing reverse engineering workflows;
+ How to create your own new plug-in.
As DevSecOps transformation begins to sweep across organizations, NowSecure set out to take the pulse of the movement as it relates to mobile apps. We partnered with DevOps.com to conduct the industry’s first user survey on the state of web and mobile app DevSecOps.
Attend this webinar to hear how leading organizations are adopting secure DevOps for their mobile apps and the benefits they’re achieving. You’ll discover these findings:
+Comparison of mobile app and web app adoption patterns in DevSecOps, including a few surprises
+Key insights on challenges and successes in DevSecOps across people, process and technology
+Useful data on security testing stages, frequency, metrics, and tools
Brian Reed, CMO, NowSecure // Alan Snyder, CEO, NowSecure // David Weinstein, CTO, NowSecure
2019 is already shaping up to be a standout year for mobile appsec and secure DevOps. If we can say anything with certainty, it’s that cybersecurity is unpredictable and the wave of DevSecOps is unstoppable. But we foresee intensifying concerns about digital privacy amidst high-profile breaches.
Attend this webinar to hear our predictions about what’s in store for our customers and the community in the year ahead. Our veteran industry leaders will prognosticate about developments in these areas:
+ Mobile ecosystem: OSes, devices, apps and app stores
+ Evolving mobile security threats
+ The rise of DevSecOps and the automation of everything
+ The disruptive economics of automating manual pen testing
Jeff Fairman, Senior Vice President of Engineering & Brian Reed, Chief Mobility Officer
As DevOps teams seek to accelerate the mobile app dev pipeline, they rely on tools and best practices to gain speed. Because our engineering leader Jeff Fairman previously ran software development for a top online brokerage, he understands the challenges of scaling security testing to meet current demands.
After discovering the NowSecure automated testing platform, Jeff Fairman was so impressed with the tech that he joined the company to help DevOps and security teams build and release safe mobile apps. Attend this webinar to learn:
+ Why you need dynamic application security (DAST) testing to flag vulnerabilities in the post-build phase
+ The unique requirements, toolchain options and best practices for secure mobile DevOps
+ How to combine continuous daily testing with outsourced pen testing.
Avi Elkoni (COO/CTO, Vaporstream), Kristi Perdue Hinkle (Vaporstream), & Brian Reed (NowSecure)
Enterprise-grade ephemeral messaging provider Vaporstream knows firsthand that security needs to be built into the software development lifecycle rather than bolted on. Serving highly regulated industries such as federal government, energy, financial services and healthcare, Vaporstream’s leakproof communication platform provides the highest level of assurance that compliance professionals require. Vaporstream partners with NowSecure to test and certify its Android and iOS mobile messaging apps.
Join us for this case study webinar to learn how Vaporstream adheres to a rigorous secure app lifecycle in order to meet customer expectations for secure communications:
+ Designing a secure app architecture & development process
+ Incorporating security testing into the release cycle
+ Comprehensive penetration testing
Brian Reed (CMO), Chris Cimaglia (Mobile App Security Advocate)
With 4 million public apps and millions more enterprise apps developed internally, not all Android and iOS apps are created equally. Some mobile apps simply publish information, some have sensitive data and others contain trade secrets. Given the volume and velocity of mobile apps, there simply aren’t enough resources to test them all in the same manner. There has to be a better way.
NowSecure will introduce a new framework to help organizations craft a Risk-Based Mobile App Security Testing strategy. Join us for a webinar to gain practical insights, including the following:
+ The five components of risk-based testing
+ A decision grid for adjusting the depth and frequency of testing
+ How automated testing tools streamline management of the mobile app portfolio
Tony Ramirez, Mobile Security Analyst // Brian Reed, CMO
2018 seems to be the year of privacy updates for both iOS and Android. In this webinar, Mobile Security Analyst Tony Ramirez will take a deeper look at security updates for Android, including:
+ Learnings from Android 8 (Oreo)
+ What to expect for Android P
+ How these enhancements affect mobile app security
Tony Ramirez (Mobile Security Analyst), Brian Reed (CMO)
Much of the improvements for iOS 12 focused on security and reliability. What prompted these changes and how will it affect the path forward? Join our discussion on Tuesday as Tony Ramirez, Mobile Security Analyst, shares about the following:
+ Learnings & remediations from iOS 11
+ Predictions coming out of WWDC
+ How we see the newest software update, iOS 12, affecting mobile app security testing
Brian Reed (Chief Mobility Officer) // Alex Wishkoski (Director of Product)
Most mobile app penetration tests or vulnerability assessments take anywhere from a couple of days to two weeks to deliver because of the manual approaches, brittle open source stacks in homegrown testing rigs and legacy application security testing (AST) tools. The shift to agile development common in mobile app development teams has left appsec testing behind. New mobile app builds are pushed daily, weekly or monthly, and appsec testing teams struggle to keep up. Each new build brings new code, including 3rd-party libraries, and with that code comes new potential vulnerabilities.
Application security & testing teams - this one’s for you. If you’re looking for ways to join the agile approach and keep pace with the speed of your development team’s CI/CD pipeline, take stock of these 5 tips for mobile appsec testing and integrate them into your company’s workflow.
NowSecure - protecting the business at the speed of mobile.
David Weinstein (CTO, NowSecure) // Sergi "Pancake" Àlvarez (R2) // Ole André (FRIDA)
From the creators behind top mobile tools R2 and FRIDA, get the inside scoop on the R2 and FRIDA OSS projects. Led by NowSecure Research Team including David Weinstein, Ole André and Pancake (Sergi Àlvarez), this webinar speaks to our favorite mobile AST OSS projects. Peek behind the curtain on these tools, check out on their latest updates, learn how to use them to solve a crackme, and talk about potential future enhancements.
Attendees will learn about popular open source projects for AST and walk away with hands-on experience on how to use them and get a peek at the future.
Andrew Hoog (Founder) // Brian Reed (Chief Mobility Officer)
NowSecure continuously monitors millions of mobile apps in third-party apps in the Apple® App Store® and the Google Play™ store for security, compliance and privacy risks.
A comprehensive analysis of iOS and Android apps found that a staggering 85% of those apps fail one or more of the OWASP Mobile Top 10 criteria. Given that the average mobile device has over 89 mobile apps on it, what are the odds your employees have one or more of the apps and what’s the real risk to your business?
During this webinar, renowned mobile security expert and NowSecure founder Andrew Hoog and Chief Mobility Officer Brian Reed will review the massive data set, detail the areas of exposure and review mitigation recommendations.
Mobile apps power productivity in the modern business; don’t let a few bad apps bring it down.
Note: Live attendees will be entered to win a free mobile app security assessment!
Andrew Hoog (Founder) // Katie Strzempka (VP of Customer Success & Services) // Brian Reed (Chief Mobility Officer)
To close out the 2017 webinar season, our mobile security expert panel will review the top mobile threats of 2017 (e.g., Cloudbleed, Bootstomp, Broadpwn, and more) and then debate what’s next in mobile app security and mobile app security testing for 2018. Join us for a spirited discussion of the security ramifications of the new iPhone X, iOS 11, Android 8, the latest innovations in the mobile app security testing, and more. Compare your mobile app security and mobile app security testing initiatives with what our experts say should be your top priorities in 2018.
Live attendees will be entered to win a free mobile app security assessment!
Brian Reed, CMO // Alex Wishkoski, Director of Product Management
What you don’t know about third-party apps in the Apple® App Store® and the Google Play™ store can hurt you. Apple and Google have app review processes at various levels, but banks and financial services organizations require more scrutiny -- especially for BYOD & COPE devices. Commercial apps used by employees in the workplace can leak data and violate security policies. Third party apps that use your company SDKs or APIs can expose your organization, defraud your customers, and tarnish your brand. Join our webinar to learn how to incorporate third-party commercial apps in your mobile threat modeling exercises and application security programs to protect your organization, your reputation, and your customers.
Our threat research team spends every waking moment reverse-engineering and cracking mobile apps and devices to help organizations reduce mobile risk. During this webinar, renowned mobile security expert and NowSecure founder Andrew Hoog will explain the attacker’s point-of-view, what attackers are looking for in mobile banking or financial services apps, and what makes your mobile app an appetizing target. We will then provide tips for deploying a mobile app security testing program to ensure you proactively plug security holes, squash privacy leaks, and fill compliance gaps in your mobile apps.
The Ultimate Tools for Mobile App Security Testing
NowSecure delivers fully automated mobile app security testing software with speed, accuracy, and efficiency for Agile and DevOps initiatives. Through static, dynamic, behavioral and interactive mobile app security testing on real Android and iOS devices, NowSecure identifies the broadest array of security threats, compliance gaps, and privacy risks. NowSecure customers can choose automated software on-premises or in the cloud, expert professional penetration testing and managed services, or a combination of all as needed.