Home > News > Trending news > NowSecure Announces New Pen Testing Service and Software

PLATFORM SECURITY

NowSecure Announces New Pen Testing Service and Software

NowSecure | March 24, 2022

NowSecure, the industry's leading provider of standards-based mobile app security and privacy software, today announced the launch of the world's largest mobile app pen testing service for the OWASP Mobile Application Security Verification Standard (MASVS) and the addition of automated MASVS testing to the NowSecure Platform. Presently, mobile enterprises, application developers, and security teams can rely on NowSecure specialists for the gold standard of mobile app testing to assure OWASP MASVS compliance.

In 2021, 200 billion installed mobile applications produced over $170 billion in revenue, indicating that mobile applications are driving the global economy. Customers and staff alike prefer mobile applications over online apps, with over 70% of all digital time spent in mobile apps vs. web apps. However, assaults and breaches have increased significantly in the last year, with major mobile app security problems affecting Amazon Ring, Apple iMessage, Park Mobile, Slack, and US Customs and Border Protection. According to the NowSecure MobileRiskTracker, 85% of evaluated applications contain security flaws, and 70% leak sensitive data. Companies must be careful in incorporating security into their mobile applications and extensively testing them to assure their safety.

Since its inception in 2013, the OWASP mobile project has pushed for standards-based security criteria and testing methodologies. The OWASP mobile project, which is used by mobile app developers, architects, security teams, and security researchers, contains three essential resources, the most recent of which was updated in January 2022, to give the best risk reduction method for mobile app teams:

The OWASP Mobile Application Security Verification Standard (MASVS) establishes a standard for mobile app security.
The OWASP Mobile Security Testing Guide (MSTG) describes how to put the MASVS criteria to the test.
The OWASP Mobile App Security Checklist keeps track of security assessment tasks for mobile apps.

NowSecure practitioners have collaborated on spec evolution and tools with the OWASP mobile project from its inception, and the firm acts as an OWASP "god mode" sponsor for the OWASP MASVS.

"The OWASP MASVS and MSTG are the foundation of a mobile appsec program. The MASVS guides developers and security analysts on architecture, threat modeling and proper techniques to secure mobile data. The MSTG has hundreds of tests you should perform and there are many nuances and edge cases to consider. Without the right expertise it can be tough to effectively achieve full MASVS compliance. The MSTG encourages the use of automated tools to leverage static and dynamic analysis but also emphasizes that having security professionals you can trust is essential."

Carlos Holguera, OWASP project lead and NowSecure Security Researcher

NowSecure CEO Alan Snyder said that "NowSecure is the recognized expert for standards-based testing software and services, partnering with organizations to safeguard trust in their mobile app initiatives. As an OWASP contributor and sponsor for years, we are committed to the evolution of the specifications. Today we are adding these products and services to help customers ensure the security and privacy of their mobile apps leveraging the gold standard of OWASP MASVS."

Spotlight

Zero Trust Maturity Model

The Cybersecurity and Infrastructure Security Agency (CISA) leads the nation’s effort to understand, manage, and reduce cybersecurity risk, including by supporting Federal Civilian Executive Branch agencies in evolving and operationalizing cybersecurity programs and capabilities. CISA’s Zero Trust Maturity Model (ZTMM) provides an approach to achieve continued modernization efforts related to zero trust within a rapidly evolving environment and technology landscape. This ZTMM is one of many paths that an organization can take in designing and implementing their transition plan to zero trust architectures in accordance with Executive Order (EO) 14028 “Improving the Nation’s Cybersecurity” § (3)(b)(ii),1 which requires that agencies develop a plan to implement a Zero Trust Architecture (ZTA). While the ZTMM is specifically tailored for federal agencies as required by EO 14028, all organizations should review and consider adoption of the approaches outlined in this document.

Other News

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Cyber Security & Cloud North America – New Line-Up Speakers Announced

TechEx Events Ltd | April 17, 2023

The Cyber Security & Cloud Congress North America (17-18th May) has announced exciting new additions to its line-up of speakers and panellists for the upcoming two-day event in Santa Clara. The event will take place on May 17th and 18th, 2023, and will feature a diverse range of tech industry experts, including CIOs, CTOs, Cyber Security, Cloud Architects, and other key players in the field. Attendees will have a great opportunity to hear from the most talented speakers including: Prasanna P., Digital Transformation Leader – Enterprise Architecture & Enterprise Strategy Leader – Molina Healthcare Shea Lovan, Chief Security Officer – UC Santa Barbara Sachin Vaidya, EVP Chief Information Officer of Heritage – Bank of Commerce Kishore Viswanathan, Senior Technical Program Manager, Cybersecurity and Compliance – Lucid Motors Sameh Emam, Division Risk Manager – Union Bank Kavitha Venkataswamy, Director – Digital Product Security – Capital One Richard Paz, CISM, Cyber Security Engineer – NASA Jet Propulsion Laboratory & many more! In addition to these keynote speakers, the event will also feature several panel discussions covering a wide range of topics, including Zero Trust, Threat Detection & Response, Training, Talent & Culture, Identity & Access Management, Application Security, Data Security and more. Attendees will have the opportunity to network with other industry professionals and gain valuable insights into the latest trends and technologies shaping the cybersecurity and cloud technology landscape. The Cyber & Cloud Congress North America promises to be a knowledge-packed, innovative, and engaging event for all those interested in Cyber Security and Cloud technology, but also the newest technology solutions, products and services that will be showcased during the event. “We are thrilled to have such an outstanding group of speakers joining us for the Cyber & Cloud Expo,” said Lia Richards, Head of Conference. “With their diverse backgrounds and extensive experience, they will bring a wealth of knowledge and insights to our attendees. We look forward to hearing their perspectives on the most pressing issues facing the industry today”. WHAT ELSE TO EXPECT? Over the course of two days at Cyber Security & Cloud Congress North America attendees will have a great number of opportunities to visit exhibition stalls and connect with the representatives of some of the world’s biggest brands including IBM, IDC, Bosh, AWS, Zoho and many more, all implementing the latest in Cyber Security & Cloud technologies within their sectors. Paying attendees will also have a chance to join the networking party event following Day 1 of the conference, where all will be able to connect and network in a more relaxed setting, with free food and drinks provided. This opportunity is open for Gold and Ultimate Pass Holders, Speakers, Press, Sponsors, and Exhibitors. Find out more information here: https://www.cybersecuritycloudexpo.com/northamerica/networking-party/ Early-bird registration offering 25% discount of the full ticket price is open until 17th April, and interested attendees are encouraged to secure their tickets before the offer ends to avoid missing out on this exciting opportunity. Follow this link to discover ticket types and prices: https://www.cybersecuritycloudexpo.com/northamerica/ticket-types-and-prices/. About TechEx Events Ltd The TechEx Event portfolio is an international conference and tech showcasing cutting-edge tech innovation in enterprise. Featuring real-life use cases and in-depth industry insights, the event series delves into the AI, Big Data, Blockchain, Cyber Security, 5G, IoT and Edge Computing ecosystems. Running for over six years, our co-located events strengths lie within our expert community. We bring the heroes responsible for pushing game changing tech and strategy together, to craft relationships and creative solutions. We are the place where networking never stops – The one-stop-shop for enterprise innovators.