Android “O” and iOS 11 security updates: What you need to know
Google released Android 8 (Oreo) recently, and soon Apple will release iOS 11. Both updates include a number of security enhancements.
Don’t miss this 30-minute overview of the security updates that will also touch on:
-- Changes in iOS 11 that provide better security for app data in transit
-- App permissions updates in Android Oreo
-- How Android Oreo and iOS 11 updates affect mobile app security assessments
RecordedSep 14 201747 mins
Your place is confirmed, we'll send you email reminders
Eran Kinsbruner, Chief Evangelist (Perfecto) // Brian Reed, Chief Mobility Officer (NowSecure)
CI/CD pipelines help DevOps teams automate and drive scalability of mobile app releases. However, teams still experience friction from all kinds of testing. To speed the flow, organizations are now turning to automated continuous testing (CT) in the pipeline by engaging the test automation and security teams. The latest advancements in functional and performance testing enable organizations to run faster, friction-free pipelines with CI/CD/CT.
Join Perfecto by Perforce Chief Evangelist and author, Eran Kinsbruner, and NowSecure Chief Mobility Officer, Brian Reed, in this live webinar. Understand how successful organizations optimize their CI/CD pipelines with automated CT tools for functional and security testing in their build process.
Attend this webinar to learn the following:
+ Fundamentals of continuous testing (CT) strategy for CI/CD/CT pipelines.
+ How to fit automated security and functional testing together inside a DevOps process.
+ Common pitfalls in mobile app security and how to overcome them.
Everyone wants a well-organized, fast-flowing DevOps and DevSecOps pipeline, but building out an effective toolchain has its challenges. Whether you are new to Mobile DevSecOps and need a roadmap architecture to get started or you have an established toolchain and need to know where to go next, this webinar is for you.
DevSecOps enthusiast D.J. Schleen unveils the latest updates to the DevSecOps Reference Architecture, an extensive chart of open-source tools and third-party applications that now includes mobile app pipelines. Join us to score your own copy and learn:
+ The most popular tools and integrations to automate and scale your pipeline
+ How and where mobile DevSecOps differs from web
+ Where to apply dynamic and interactive application security testing to speed app delivery
With digital transformation in full swing, mobile app traffic is outpacing web app traffic for most organizations. Whether businesses build mobile apps to engage with customers, streamline operations, or grow revenue, mobile app security teams are driven by the mandate to move faster to keep pace with mobile app development. Join this webcast to learn how the mobile app security fundamentally differs from web app security and how organizations can efficiently scale their mobile appsec programs to meet business demand.
In this webcast, NowSecure Chief Mobility Officer Brian Reed will discuss:
+ How mobile-first industry innovators are using mobile apps to drive digital transformation, forcing mobile appsec to be built in, not bolted on
+ How mobile app security is fundamentally different from web app security, and how to successfully navigate those differences
+ How to prioritize, standardize & scale mobile app security testing using industry best practices and standards like OWASP, CVSS, NIST, GDPR and more.
Brian Lawrence, Solutions Engineering Manager // Brian Reed, Chief Mobility Officer
There are more than 4.5 million apps and counting in the Apple® App Store® and Google Play™, many of which release weekly or even daily. Success in continuous delivery calls for removing friction from the pipeline. However, mobile app DevSecOps teams must contend with several security and privacy challenges.
Join us for insight and best practices for achieving the DevSecOps goal of continuous security. You’ll learn:
+The most common security and privacy issues found in mobile apps
+How to partner with mobile app security, risk and compliance teams
+Approaches for automating security in the CI/CD pipeline.
Tony Ramirez, Mobile Security Analyst / Brian Reed, Chief Mobility Officer
Are you ready for Android Q and iOS 13? Apple and Google’s forthcoming mobile operating systems boast a bevy of privacy features that enable users to seize more control of their personal data.
NowSecure Mobile Security Analyst Tony Ramirez will share a deep dive into Android and iOS application security and privacy enhancements and what they mean for mobile DevSecOps teams. Join us to learn about:
+ Increased transparency and granularity over location tracking
+ New protections for sensitive information
+ Safer data exchanges in Android Q through TLS 1.3 encryption
Brian Reed, Chief Mobility Officer, NowSecure // Alan Snyder, Chief Executive Officer, NowSecure
It’s hard to believe that mobile app stores are more than a decade old yet some crazy misconceptions about mobile application security still linger.
Stop us if you’ve heard these before:
- Testing mobile apps is the same as web apps
- SAST is good enough for mobile, you don’t need DAST
- Mobile apps are secure because Apple and Google security test them
- Outsourcing a penetration test once per year is sufficient to mitigate risk
Join us to sort fact from fiction and learn how to ensure your mobile appsec program is on the right track. You may discover some surprising things about modern mobile application security.
Learn how to use the OWASP Mobile Security Project to prioritize risk and testing requirements across your entire mobile app portfolio - the apps you produce, as well as the apps you and your employees consume. In this session, we'll cover:
+ OWASP Mobile App Security Verification Standards
+ How to determine which level of verification your app needs
+ How to respond when the app doesn't meet the standard security baseline
Brian Lawrence, Solutions Engineering Manager // Brian Reed, Chief Mobility Officer, NowSecure
Are you seeking to accelerate the delivery of secure mobile apps? DevSecOps is all about letting tools do the work for you.
Many DevSecOps shops plug mobile appsec testing directly into the CI/CD toolchain to find and fix vulnerabilities faster. Automate the workflows and tune the testing to meet your needs. Empower devs with nearly zero false positives and remediation details. Break the build when necessary and release apps faster when you don’t.
Whether you focus on security or development, join this webinar to see how the NowSecure platform integrates with your ecosystem of DevOps tools such as:
+ CI/CD (CircleCI, CloudBees Jenkins, etc)
+ Issue tracking (GitHub, Jira, etc)
+ Vuln management (Brinqa, Code Dx, etc.)
Sergi "Pancake" Alvarez, Senior Mobile Security Research Engineer, NowSecure // Brian Reed, Chief Mobility Officer, NowSecure
Hear Radare creator Sergi (Pancake) Alvarez conduct a deep dive of r2frida, a framework that combines the best of Frida and Radare. Frida and Radare are leading open-source reverse engineering tools sponsored by NowSecure. Targeting intermediate to advanced users and security analysts, this overview will highlight the r2frida plug-in architecture.
Join this webinar to learn:
+ What dynamic and static techniques the individual tools provide to assist security analysts with reverse engineering;
+ Why r2frida’s plugin architecture eases the task of performing reverse engineering workflows;
+ How to create your own new plug-in.
As DevSecOps transformation begins to sweep across organizations, NowSecure set out to take the pulse of the movement as it relates to mobile apps. We partnered with DevOps.com to conduct the industry’s first user survey on the state of web and mobile app DevSecOps.
Attend this webinar to hear how leading organizations are adopting secure DevOps for their mobile apps and the benefits they’re achieving. You’ll discover these findings:
+Comparison of mobile app and web app adoption patterns in DevSecOps, including a few surprises
+Key insights on challenges and successes in DevSecOps across people, process and technology
+Useful data on security testing stages, frequency, metrics, and tools
Brian Reed, CMO, NowSecure // Alan Snyder, CEO, NowSecure // David Weinstein, CTO, NowSecure
2019 is already shaping up to be a standout year for mobile appsec and secure DevOps. If we can say anything with certainty, it’s that cybersecurity is unpredictable and the wave of DevSecOps is unstoppable. But we foresee intensifying concerns about digital privacy amidst high-profile breaches.
Attend this webinar to hear our predictions about what’s in store for our customers and the community in the year ahead. Our veteran industry leaders will prognosticate about developments in these areas:
+ Mobile ecosystem: OSes, devices, apps and app stores
+ Evolving mobile security threats
+ The rise of DevSecOps and the automation of everything
+ The disruptive economics of automating manual pen testing
Jeff Fairman, Senior Vice President of Engineering & Brian Reed, Chief Mobility Officer
As DevOps teams seek to accelerate the mobile app dev pipeline, they rely on tools and best practices to gain speed. Because our engineering leader Jeff Fairman previously ran software development for a top online brokerage, he understands the challenges of scaling security testing to meet current demands.
After discovering the NowSecure automated testing platform, Jeff Fairman was so impressed with the tech that he joined the company to help DevOps and security teams build and release safe mobile apps. Attend this webinar to learn:
+ Why you need dynamic application security (DAST) testing to flag vulnerabilities in the post-build phase
+ The unique requirements, toolchain options and best practices for secure mobile DevOps
+ How to combine continuous daily testing with outsourced pen testing.
Avi Elkoni (COO/CTO, Vaporstream), Kristi Perdue Hinkle (Vaporstream), & Brian Reed (NowSecure)
Enterprise-grade ephemeral messaging provider Vaporstream knows firsthand that security needs to be built into the software development lifecycle rather than bolted on. Serving highly regulated industries such as federal government, energy, financial services and healthcare, Vaporstream’s leakproof communication platform provides the highest level of assurance that compliance professionals require. Vaporstream partners with NowSecure to test and certify its Android and iOS mobile messaging apps.
Join us for this case study webinar to learn how Vaporstream adheres to a rigorous secure app lifecycle in order to meet customer expectations for secure communications:
+ Designing a secure app architecture & development process
+ Incorporating security testing into the release cycle
+ Comprehensive penetration testing
Brian Reed (CMO), Chris Cimaglia (Mobile App Security Advocate)
With 4 million public apps and millions more enterprise apps developed internally, not all Android and iOS apps are created equally. Some mobile apps simply publish information, some have sensitive data and others contain trade secrets. Given the volume and velocity of mobile apps, there simply aren’t enough resources to test them all in the same manner. There has to be a better way.
NowSecure will introduce a new framework to help organizations craft a Risk-Based Mobile App Security Testing strategy. Join us for a webinar to gain practical insights, including the following:
+ The five components of risk-based testing
+ A decision grid for adjusting the depth and frequency of testing
+ How automated testing tools streamline management of the mobile app portfolio
Tony Ramirez, Mobile Security Analyst // Brian Reed, CMO
2018 seems to be the year of privacy updates for both iOS and Android. In this webinar, Mobile Security Analyst Tony Ramirez will take a deeper look at security updates for Android, including:
+ Learnings from Android 8 (Oreo)
+ What to expect for Android P
+ How these enhancements affect mobile app security
Tony Ramirez (Mobile Security Analyst), Brian Reed (CMO)
Much of the improvements for iOS 12 focused on security and reliability. What prompted these changes and how will it affect the path forward? Join our discussion on Tuesday as Tony Ramirez, Mobile Security Analyst, shares about the following:
+ Learnings & remediations from iOS 11
+ Predictions coming out of WWDC
+ How we see the newest software update, iOS 12, affecting mobile app security testing
Brian Reed (Chief Mobility Officer) // Alex Wishkoski (Director of Product)
Most mobile app penetration tests or vulnerability assessments take anywhere from a couple of days to two weeks to deliver because of the manual approaches, brittle open source stacks in homegrown testing rigs and legacy application security testing (AST) tools. The shift to agile development common in mobile app development teams has left appsec testing behind. New mobile app builds are pushed daily, weekly or monthly, and appsec testing teams struggle to keep up. Each new build brings new code, including 3rd-party libraries, and with that code comes new potential vulnerabilities.
Application security & testing teams - this one’s for you. If you’re looking for ways to join the agile approach and keep pace with the speed of your development team’s CI/CD pipeline, take stock of these 5 tips for mobile appsec testing and integrate them into your company’s workflow.
NowSecure - protecting the business at the speed of mobile.
David Weinstein (CTO, NowSecure) // Sergi "Pancake" Àlvarez (R2) // Ole André (FRIDA)
From the creators behind top mobile tools R2 and FRIDA, get the inside scoop on the R2 and FRIDA OSS projects. Led by NowSecure Research Team including David Weinstein, Ole André and Pancake (Sergi Àlvarez), this webinar speaks to our favorite mobile AST OSS projects. Peek behind the curtain on these tools, check out on their latest updates, learn how to use them to solve a crackme, and talk about potential future enhancements.
Attendees will learn about popular open source projects for AST and walk away with hands-on experience on how to use them and get a peek at the future.
Andrew Hoog (Founder) // Brian Reed (Chief Mobility Officer)
NowSecure continuously monitors millions of mobile apps in third-party apps in the Apple® App Store® and the Google Play™ store for security, compliance and privacy risks.
A comprehensive analysis of iOS and Android apps found that a staggering 85% of those apps fail one or more of the OWASP Mobile Top 10 criteria. Given that the average mobile device has over 89 mobile apps on it, what are the odds your employees have one or more of the apps and what’s the real risk to your business?
During this webinar, renowned mobile security expert and NowSecure founder Andrew Hoog and Chief Mobility Officer Brian Reed will review the massive data set, detail the areas of exposure and review mitigation recommendations.
Mobile apps power productivity in the modern business; don’t let a few bad apps bring it down.
Note: Live attendees will be entered to win a free mobile app security assessment!
The Ultimate Tools for Mobile App Security Testing
NowSecure delivers fully automated mobile app security testing software with speed, accuracy, and efficiency for Agile and DevOps initiatives. Through static, dynamic, behavioral and interactive mobile app security testing on real Android and iOS devices, NowSecure identifies the broadest array of security threats, compliance gaps, and privacy risks. NowSecure customers can choose automated software on-premises or in the cloud, expert professional penetration testing and managed services, or a combination of all as needed.
Android “O” and iOS 11 security updates: What you need to knowMichael Krueger, NowSecure Mobile Security Analyst // Tony Ramirez, NowSecure Mobile Security Analyst[[ webcastStartDate * 1000 | amDateFormat: 'MMM D YYYY h:mm a' ]]47 mins