Sergi "Pancake" Alvarez, Senior Mobile Security Research Engineer, NowSecure // Brian Reed, Chief Mobility Officer, NowSecure
Hear Radare creator Sergi (Pancake) Alvarez conduct a deep dive of r2frida, a framework that combines the best of Frida and Radare. Frida and Radare are leading open-source reverse engineering tools sponsored by NowSecure. Targeting intermediate to advanced users and security analysts, this overview will highlight the r2frida plug-in architecture.
Join this webinar to learn:
+ What dynamic and static techniques the individual tools provide to assist security analysts with reverse engineering;
+ Why r2frida’s plugin architecture eases the task of performing reverse engineering workflows;
+ How to create your own new plug-in.
As DevSecOps transformation begins to sweep across organizations, NowSecure set out to take the pulse of the movement as it relates to mobile apps. We partnered with DevOps.com to conduct the industry’s first user survey on the state of web and mobile app DevSecOps.
Attend this webinar to hear how leading organizations are adopting secure DevOps for their mobile apps and the benefits they’re achieving. You’ll discover these findings:
+Comparison of mobile app and web app adoption patterns in DevSecOps, including a few surprises
+Key insights on challenges and successes in DevSecOps across people, process and technology
+Useful data on security testing stages, frequency, metrics, and tools
Brian Reed, CMO, NowSecure // Alan Snyder, CEO, NowSecure // David Weinstein, CTO, NowSecure
2019 is already shaping up to be a standout year for mobile appsec and secure DevOps. If we can say anything with certainty, it’s that cybersecurity is unpredictable and the wave of DevSecOps is unstoppable. But we foresee intensifying concerns about digital privacy amidst high-profile breaches.
Attend this webinar to hear our predictions about what’s in store for our customers and the community in the year ahead. Our veteran industry leaders will prognosticate about developments in these areas:
+ Mobile ecosystem: OSes, devices, apps and app stores
+ Evolving mobile security threats
+ The rise of DevSecOps and the automation of everything
+ The disruptive economics of automating manual pen testing
Jeff Fairman, Senior Vice President of Engineering & Brian Reed, Chief Mobility Officer
As DevOps teams seek to accelerate the mobile app dev pipeline, they rely on tools and best practices to gain speed. Because our engineering leader Jeff Fairman previously ran software development for a top online brokerage, he understands the challenges of scaling security testing to meet current demands.
After discovering the NowSecure automated testing platform, Jeff Fairman was so impressed with the tech that he joined the company to help DevOps and security teams build and release safe mobile apps. Attend this webinar to learn:
+ Why you need dynamic application security (DAST) testing to flag vulnerabilities in the post-build phase
+ The unique requirements, toolchain options and best practices for secure mobile DevOps
+ How to combine continuous daily testing with outsourced pen testing.
Avi Elkoni (COO/CTO, Vaporstream), Kristi Perdue Hinkle (Vaporstream), & Brian Reed (NowSecure)
Enterprise-grade ephemeral messaging provider Vaporstream knows firsthand that security needs to be built into the software development lifecycle rather than bolted on. Serving highly regulated industries such as federal government, energy, financial services and healthcare, Vaporstream’s leakproof communication platform provides the highest level of assurance that compliance professionals require. Vaporstream partners with NowSecure to test and certify its Android and iOS mobile messaging apps.
Join us for this case study webinar to learn how Vaporstream adheres to a rigorous secure app lifecycle in order to meet customer expectations for secure communications:
+ Designing a secure app architecture & development process
+ Incorporating security testing into the release cycle
+ Comprehensive penetration testing
Brian Reed (CMO), Chris Cimaglia (Mobile App Security Advocate)
With 4 million public apps and millions more enterprise apps developed internally, not all Android and iOS apps are created equally. Some mobile apps simply publish information, some have sensitive data and others contain trade secrets. Given the volume and velocity of mobile apps, there simply aren’t enough resources to test them all in the same manner. There has to be a better way.
NowSecure will introduce a new framework to help organizations craft a Risk-Based Mobile App Security Testing strategy. Join us for a webinar to gain practical insights, including the following:
+ The five components of risk-based testing
+ A decision grid for adjusting the depth and frequency of testing
+ How automated testing tools streamline management of the mobile app portfolio
Tony Ramirez, Mobile Security Analyst // Brian Reed, CMO
2018 seems to be the year of privacy updates for both iOS and Android. In this webinar, Mobile Security Analyst Tony Ramirez will take a deeper look at security updates for Android, including:
+ Learnings from Android 8 (Oreo)
+ What to expect for Android P
+ How these enhancements affect mobile app security
Tony Ramirez (Mobile Security Analyst), Brian Reed (CMO)
Much of the improvements for iOS 12 focused on security and reliability. What prompted these changes and how will it affect the path forward? Join our discussion on Tuesday as Tony Ramirez, Mobile Security Analyst, shares about the following:
+ Learnings & remediations from iOS 11
+ Predictions coming out of WWDC
+ How we see the newest software update, iOS 12, affecting mobile app security testing
Brian Reed (Chief Mobility Officer) // Alex Wishkoski (Director of Product)
Most mobile app penetration tests or vulnerability assessments take anywhere from a couple of days to two weeks to deliver because of the manual approaches, brittle open source stacks in homegrown testing rigs and legacy application security testing (AST) tools. The shift to agile development common in mobile app development teams has left appsec testing behind. New mobile app builds are pushed daily, weekly or monthly, and appsec testing teams struggle to keep up. Each new build brings new code, including 3rd-party libraries, and with that code comes new potential vulnerabilities.
Application security & testing teams - this one’s for you. If you’re looking for ways to join the agile approach and keep pace with the speed of your development team’s CI/CD pipeline, take stock of these 5 tips for mobile appsec testing and integrate them into your company’s workflow.
NowSecure - protecting the business at the speed of mobile.
David Weinstein (CTO, NowSecure) // Sergi "Pancake" Àlvarez (R2) // Ole André (FRIDA)
From the creators behind top mobile tools R2 and FRIDA, get the inside scoop on the R2 and FRIDA OSS projects. Led by NowSecure Research Team including David Weinstein, Ole André and Pancake (Sergi Àlvarez), this webinar speaks to our favorite mobile AST OSS projects. Peek behind the curtain on these tools, check out on their latest updates, learn how to use them to solve a crackme, and talk about potential future enhancements.
Attendees will learn about popular open source projects for AST and walk away with hands-on experience on how to use them and get a peek at the future.
Andrew Hoog (Founder) // Brian Reed (Chief Mobility Officer)
NowSecure continuously monitors millions of mobile apps in third-party apps in the Apple® App Store® and the Google Play™ store for security, compliance and privacy risks.
A comprehensive analysis of iOS and Android apps found that a staggering 85% of those apps fail one or more of the OWASP Mobile Top 10 criteria. Given that the average mobile device has over 89 mobile apps on it, what are the odds your employees have one or more of the apps and what’s the real risk to your business?
During this webinar, renowned mobile security expert and NowSecure founder Andrew Hoog and Chief Mobility Officer Brian Reed will review the massive data set, detail the areas of exposure and review mitigation recommendations.
Mobile apps power productivity in the modern business; don’t let a few bad apps bring it down.
Note: Live attendees will be entered to win a free mobile app security assessment!
Andrew Hoog (Founder) // Katie Strzempka (VP of Customer Success & Services) // Brian Reed (Chief Mobility Officer)
To close out the 2017 webinar season, our mobile security expert panel will review the top mobile threats of 2017 (e.g., Cloudbleed, Bootstomp, Broadpwn, and more) and then debate what’s next in mobile app security and mobile app security testing for 2018. Join us for a spirited discussion of the security ramifications of the new iPhone X, iOS 11, Android 8, the latest innovations in the mobile app security testing, and more. Compare your mobile app security and mobile app security testing initiatives with what our experts say should be your top priorities in 2018.
Live attendees will be entered to win a free mobile app security assessment!
Brian Reed, CMO // Alex Wishkoski, Director of Product Management
What you don’t know about third-party apps in the Apple® App Store® and the Google Play™ store can hurt you. Apple and Google have app review processes at various levels, but banks and financial services organizations require more scrutiny -- especially for BYOD & COPE devices. Commercial apps used by employees in the workplace can leak data and violate security policies. Third party apps that use your company SDKs or APIs can expose your organization, defraud your customers, and tarnish your brand. Join our webinar to learn how to incorporate third-party commercial apps in your mobile threat modeling exercises and application security programs to protect your organization, your reputation, and your customers.
Our threat research team spends every waking moment reverse-engineering and cracking mobile apps and devices to help organizations reduce mobile risk. During this webinar, renowned mobile security expert and NowSecure founder Andrew Hoog will explain the attacker’s point-of-view, what attackers are looking for in mobile banking or financial services apps, and what makes your mobile app an appetizing target. We will then provide tips for deploying a mobile app security testing program to ensure you proactively plug security holes, squash privacy leaks, and fill compliance gaps in your mobile apps.
Michael Krueger, NowSecure Mobile Security Analyst // Tony Ramirez, NowSecure Mobile Security Analyst
Google released Android 8 (Oreo) recently, and soon Apple will release iOS 11. Both updates include a number of security enhancements.
Don’t miss this 30-minute overview of the security updates that will also touch on:
-- Changes in iOS 11 that provide better security for app data in transit
-- App permissions updates in Android Oreo
-- How Android Oreo and iOS 11 updates affect mobile app security assessments
Brian Lawrence, NowSecure Security Solutions Engineer
Mobile apps fall in scope for a number of regulatory requirements that govern the banking and financial services industries, such as: guidelines from the Federal Financial Institutions Examination Council (FFIEC), the Gramm–Leach–Bliley Act (GLBA), New York State cybersecurity requirements for financial services companies, the Payment Card Industry Data Security Standard (PCI DSS), the Sarbanes-Oxley Act, and more. Luckily, a repeatable mobile app security assessment program and standardized reporting go a long way in both achieving compliance objectives and securing mobile apps and data.
Join us for a 30-minute webinar during which NowSecure Security Solutions Engineer Brian Lawrence will explain:
-- How and where exactly mobile apps fall in scope for various compliance regimes
-- Mobile app security issues financial institutions must identify and fix for compliance purposes
-- How assessment reports can be used to demonstrate due diligence
Katie Strzempka, NowSecure VP of Customer Success & Services
Mobile devices and apps make employees more productive, but deploying leaky or vulnerable apps increases enterprise risk. What does a sensible approach to approving and denying Android and iOS apps for use by staff look like? It starts with accurate, up-to-date security assessment data. Join NowSecure VP of Customer Success and Services Katie Strzempka for a webinar explaining how to take a data-driven approach to evaluating mobile apps for use at your organization.
Join us for this 30-minute webinar and learn:
-- What vulnerability data is integral to making informed app vetting decisions
-- How to approach threat modeling for third-party and custom mobile apps
-- Creating a rubric for evaluating mobile apps for corporate use
Michael Krueger, Solutions Engineer at NowSecure & Tony Ramirez, Software Support Engineer at NowSecure
A mobile app that’s vulnerable to man-in-the-middle (MITM) attacks can allow an attacker to capture, view, and modify sensitive traffic sent and received between the app and backend servers. At NowSecure, Michael Krueger and Tony Ramirez spend their days performing penetration tests on Android and iOS apps, which include exploiting MITM vulnerabilities and helping developers fix them. Join Michael and Tony for a 30-minute talk about MITM attacks on mobile apps and how to prevent them that will cover:
-- Identifying man-in-the-middle vulnerabilities in mobile apps
-- How to execute a mobile man-in-the-middle attack
-- Right and wrong ways to implement certificate validation and certificate pinning
Brian Lawrence, NowSecure Solutions Engineer & Keith Mokris, NowSecure Product Marketing Leader
Developers and DevOps engineers want to fail fast, iterate, and continuously improve. If security practioners want to join in the fun, they need to integrate security assessments into existing mobile DevOps workflows and toolchains. This webinar will teach security professionals, developers, and DevOps engineers how to avoid common mistakes in embedding automated app security testing into mobile DevOps practices.
Join NowSecure Solutions Engineer Brian Lawrence and Product Marketing Leader Keith Mokris to learn how to do things like:
-- Address DevOps stakeholders' worries and concerns about integrating security testing
-- Determine the right depth of analysis for continuous mobile app security testing
-- Track mobile DevSecOps metrics over time to measure success
The Ultimate Tools for Mobile App Security Testing
NowSecure delivers fully automated mobile app security testing software with speed, accuracy, and efficiency for Agile and DevOps initiatives. Through static, dynamic, behavioral and interactive mobile app security testing on real Android and iOS devices, NowSecure identifies the broadest array of security threats, compliance gaps, and privacy risks. NowSecure customers can choose automated software on-premises or in the cloud, expert professional penetration testing and managed services, or a combination of all as needed.
Building a Mobile App Pen Testing BlueprintRono Dasgupta & Tony Ramirez, Mobile Security Analysts, NowSecure // Brian Reed, CMO, NowSecure[[ webcastStartDate * 1000 | amDateFormat: 'MMM D YYYY h:mm a' ]]61 mins