Name: Using OWASP Guidelines & Threat Modeling for Mobile AppSec
Start: 2019-06-13T19:00:00Z
End: 2019-06-13T19:35:46.000Z
Location: BrightTALK
Rating: 0

NowSecure delivers fully automated mobile app security testing software with speed, accuracy, and efficiency for Agile and DevOps initiatives. Through static, dynamic, behavioral and interactive mobile app security testing on real Android and iOS devices, NowSecure identifies the broadest array of security threats, compliance gaps, and privacy risks. NowSecure customers can choose automated software on-premises or in the cloud, expert professional penetration testing and managed services, or a combination of all as needed.

CI/CD pipelines help DevOps teams automate and drive scalability of mobile app releases. However, teams still experience friction from all kinds of testing. To speed the flow, organizations are now turning to automated continuous testing (CT) in the pipeline by engaging the test automation and security teams. The latest advancements in functional and performance testing enable organizations to run faster, friction-free pipelines with CI/CD/CT.

Join Perfecto by Perforce Chief Evangelist and author, Eran Kinsbruner, and NowSecure Chief Mobility Officer, Brian Reed, in this live webinar. Understand how successful organizations optimize their CI/CD pipelines with automated CT tools for functional and security testing in their build process.

Attend this webinar to learn the following:

+ Fundamentals of continuous testing (CT) strategy for CI/CD/CT pipelines.
+ How to fit automated security and functional testing together inside a DevOps process.
+ Common pitfalls in mobile app security and how to overcome them.

Deliver Flawless Mobile Apps Faster With CI/CD & CT

Everyone wants a well-organized, fast-flowing DevOps and DevSecOps pipeline, but building out an effective toolchain has its challenges. Whether you are new to Mobile DevSecOps and need a roadmap architecture to get started or you have an established toolchain and need to know where to go next, this webinar is for you.

DevSecOps enthusiast D.J. Schleen unveils the latest updates to the DevSecOps Reference Architecture, an extensive chart of open-source tools and third-party applications that now includes mobile app pipelines. Join us to score your own copy and learn:
+ The most popular tools and integrations to automate and scale your pipeline
+ How and where mobile DevSecOps differs from web
+ Where to apply dynamic and interactive application security testing to speed app delivery

From Tangled Mess to Organized Flow: A Mobile DevSecOps Reference Architecture

With digital transformation in full swing, mobile app traffic is outpacing web app traffic for most organizations. Whether businesses build mobile apps to engage with customers, streamline operations, or grow revenue, mobile app security teams are driven by the mandate to move faster to keep pace with mobile app development. Join this webcast to learn how the mobile app security fundamentally differs from web app security and how organizations can efficiently scale their mobile appsec programs to meet business demand.

In this webcast, NowSecure Chief Mobility Officer Brian Reed will discuss:
+ How mobile-first industry innovators are using mobile apps to drive digital transformation, forcing mobile appsec to be built in, not bolted on
+ How mobile app security is fundamentally different from web app security, and how to successfully navigate those differences
+ How to prioritize, standardize & scale mobile app security testing using industry best practices and standards like OWASP, CVSS, NIST, GDPR and more.

Fundamentals of Delivering Secure Mobile Apps at Scale

There are more than 4.5 million apps and counting in the Apple® App Store® and Google Play™, many of which release weekly or even daily. Success in continuous delivery calls for removing friction from the pipeline. However, mobile app DevSecOps teams must contend with several security and privacy challenges.

Join us for insight and best practices for achieving the DevSecOps goal of continuous security. You’ll learn:
+The most common security and privacy issues found in mobile apps
+How to partner with mobile app security, risk and compliance teams
+Approaches for automating security in the CI/CD pipeline.

How to Put the ‘Sec’ in Mobile DevSecOps

Are you ready for Android Q and iOS 13? Apple and Google’s forthcoming mobile operating systems boast a bevy of privacy features that enable users to seize more control of their personal data. 

NowSecure Mobile Security Analyst Tony Ramirez will share a deep dive into Android and iOS application security and privacy enhancements and what they mean for mobile DevSecOps teams. Join us to learn about:
+ Increased transparency and granularity over location tracking
+ New protections for sensitive information 
+ Safer data exchanges in Android Q through TLS 1.3 encryption

Coming Soon: Android Q & iOS 13 Privacy Enhancements

It’s hard to believe that mobile app stores are more than a decade old yet some crazy misconceptions about mobile application security still linger. 

Stop us if you’ve heard these before:
- Testing mobile apps is the same as web apps 
- SAST is good enough for mobile, you don’t need DAST
- Mobile apps are secure because Apple and Google security test them
- Outsourcing a penetration test once per year is sufficient to mitigate risk

Join us to sort fact from fiction and learn how to ensure your mobile appsec program is on the right track. You may discover some surprising things about modern mobile application security.

Debunking the Top 5 Myths About Mobile AppSec

Are you seeking to accelerate the delivery of secure mobile apps? DevSecOps is all about letting tools do the work for you.

Many DevSecOps shops plug mobile appsec testing directly into the CI/CD toolchain to find and fix vulnerabilities faster. Automate the workflows and tune the testing to meet your needs. Empower devs with nearly zero false positives and remediation details. Break the build when necessary and release apps faster when you don’t.

Whether you focus on security or development, join this webinar to see how the NowSecure platform integrates with your ecosystem of DevOps tools such as:
+ CI/CD (CircleCI, CloudBees Jenkins, etc)
+ Issue tracking (GitHub, Jira, etc) 
+ Vuln management (Brinqa, Code Dx, etc.)

Integrating Security into the Mobile App DevOps Ecosystem

Hear Radare creator Sergi (Pancake) Alvarez conduct a deep dive of r2frida, a framework that combines the best of Frida and Radare. Frida and Radare are leading open-source reverse engineering tools sponsored by NowSecure. Targeting intermediate to advanced users and security analysts, this overview will highlight the r2frida plug-in architecture.

Join this webinar to learn: 
+ What dynamic and static techniques the individual tools provide to assist security analysts with reverse engineering;
+ Why r2frida’s plugin architecture eases the task of performing reverse engineering workflows;
+ How to create your own new plug-in.

OSS Tools: Creating a Reverse Engineering Plug-in for r2frida

As DevSecOps transformation begins to sweep across organizations, NowSecure set out to take the pulse of the movement as it relates to mobile apps. We partnered with DevOps.com to conduct the industry’s first user survey on the state of web and mobile app DevSecOps.

Attend this webinar to hear how leading organizations are adopting secure DevOps for their mobile apps and the benefits they’re achieving. You’ll discover these findings:
+Comparison of mobile app and web app adoption patterns in DevSecOps, including a few surprises
+Key insights on challenges and successes in DevSecOps across people, process and technology
+Useful data on security testing stages, frequency, metrics, and tools

Survey Sneak Peek: The State of DevSecOps for Mobile Apps

Mobile penetration testing helps uncover app exploits and vulnerabilities and is a crucial component of risk assessment. However, many people fear the complexity and don’t know where to get started. 

It all begins with a solid plan of attack. NowSecure veterans of hundreds of mobile app pen tests will walk you through the process of assembling a pen testing playbook to hack your app. 

Join this webinar to learn:
+Tips and tricks for targeting common issues
+The best tools for the job 
+How to document findings to close the loop on vulnerabilities.

Building a Mobile App Pen Testing Blueprint

2019 is already shaping up to be a standout year for mobile appsec and secure DevOps. If we can say anything with certainty, it’s that cybersecurity is unpredictable and the wave of DevSecOps is unstoppable. But we foresee intensifying concerns about digital privacy amidst high-profile breaches. 

Attend this webinar to hear our predictions about what’s in store for our customers and the community in the year ahead. Our veteran industry leaders will prognosticate about developments in these areas:
+ Mobile ecosystem: OSes, devices, apps and app stores
+ Evolving mobile security threats
+ The rise of DevSecOps and the automation of everything
+ The disruptive economics of automating manual pen testing
and more.

Mobile App Security Predictions 2019

As DevOps teams seek to accelerate the mobile app dev pipeline, they rely on tools and best practices to gain speed. Because our engineering leader Jeff Fairman previously ran software development for a top online brokerage, he understands the challenges of scaling security testing to meet current demands. 

After discovering the NowSecure automated testing platform, Jeff Fairman was so impressed with the tech that he joined the company to help DevOps and security teams build and release safe mobile apps. Attend this webinar to learn: 
+ Why you need dynamic application security (DAST) testing to flag vulnerabilities in the post-build phase 
+ The unique requirements, toolchain options and best practices for secure mobile DevOps 
+ How to combine continuous daily testing with outsourced pen testing.

Best Practices for Securing Mobile App DevOps

Enterprise-grade ephemeral messaging provider Vaporstream knows firsthand that security needs to be built into the software development lifecycle rather than bolted on. Serving highly regulated industries such as federal government, energy, financial services and healthcare, Vaporstream’s leakproof communication platform provides the highest level of assurance that compliance professionals require. Vaporstream partners with NowSecure to test and certify its Android and iOS mobile messaging apps.

Join us for this case study webinar to learn how Vaporstream adheres to a rigorous secure app lifecycle in order to meet customer expectations for secure communications:
+ Designing a secure app architecture & development process
+ Incorporating security testing into the release cycle 
+ Comprehensive penetration testing

Case Study: Ironclad Messaging & Secure App Dev for Regulated Industries

With 4 million public apps and millions more enterprise apps developed internally, not all Android and iOS apps are created equally. Some mobile apps simply publish information, some have sensitive data and others contain trade secrets. Given the volume and velocity of mobile apps, there simply aren’t enough resources to test them all in the same manner. There has to be a better way.  

NowSecure will introduce a new framework to help organizations craft a Risk-Based Mobile App Security Testing strategy. Join us for a webinar to gain practical insights, including the following: 


+ The five components of risk-based testing 
+ A decision grid for adjusting the depth and frequency of testing 
+ How automated testing tools streamline management of the mobile app portfolio

A Risk-Based Mobile App Security Testing Strategy

2018 seems to be the year of privacy updates for both iOS and Android. In this webinar, Mobile Security Analyst Tony Ramirez will take a deeper look at security updates for Android, including: 
+ Learnings from Android 8 (Oreo)
+ What to expect for Android P
+ How these enhancements affect mobile app security

Android P Security Updates: What You Need to Know

Much of the improvements for iOS 12 focused on security and reliability. What prompted these changes and how will it affect the path forward? Join our discussion on Tuesday as Tony Ramirez, Mobile Security Analyst, shares about the following:

+ Learnings & remediations from iOS 11
+ Predictions coming out of WWDC
+ How we see the newest software update, iOS 12, affecting mobile app security testing

iOS 12 Preview - What You Need To Know

Most mobile app penetration tests or vulnerability assessments take anywhere from a couple of days to two weeks to deliver because of the manual approaches, brittle open source stacks in homegrown testing rigs and legacy application security testing (AST) tools. The shift to agile development common in mobile app development teams has left appsec testing behind. New mobile app builds are pushed daily, weekly or monthly, and appsec testing teams struggle to keep up. Each new build brings new code, including 3rd-party libraries, and with that code comes new potential vulnerabilities. 

Application security & testing teams - this one’s for you. If you’re looking for ways to join the agile approach and keep pace with the speed of your development team’s CI/CD pipeline, take stock of these 5 tips for mobile appsec testing and integrate them into your company’s workflow.

NowSecure - protecting the business at the speed of mobile.

5 Tips for Agile Mobile App Security Testing

Learn how to use the OWASP Mobile Security Project to prioritize risk and testing requirements across your entire mobile app portfolio - the apps you produce, as well as the apps you and your employees consume. In this session, we'll cover:
+ OWASP Mobile App Security Verification Standards
+ How to determine which level of verification your app needs
+ How to respond when the app doesn't meet the standard security baseline

Using OWASP Guidelines & Threat Modeling for Mobile AppSec

OWASP

Mobile App Security

Threat Modeling

Welcome to the mobile computing community on BrightTALK! With the consumerization of IT and the widespread adoption of mobile devices across the globe, mobile computing has become an important part of many people's lives in a culture of bring your own device (BYOD). With mobile devices doubling as work phones and more employees working from home, businesses need to provide secure access to data and work applications from anywhere at any time. Join this growing community and hear from industry thought leaders in webinars and videos as they share their insight on mobile computing research and trends.

Mobile Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Using OWASP Guidelines & Threat Modeling for Mobile AppSec

Presented by

About this talk

More from this channel