1. How to Scale Mobile Application Security Testing
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information.
2. Connect with NowSecure
Connect with us on Twitter @NowSecureMobile / #SecureTalks
—
Learn more at https://nowsecure.com
3. Katie Strzempka, Services
● Author of iPhone and iOS Forensics
● Master's in Cyber Forensics and Bachelor of Science in Computer Technology from Purdue University
● @kstrzemp
4. Contents
● 2016 NowSecure Mobile Security Report
● The Challenges Teams Face
● How You Can Scale
5. 2016 NowSecure Mobile Security Report
Released last week
6. We tested 400K apps
7. 25% of Android apps have at least one high risk security or privacy flaw
8. Percentage of Android Apps with Security Issues (chart)
● Sensitive Data Leak Issues
● Network Issues
● File System Issues
9. High risk issues exist within each app category
● Business apps: 3x more likely to leak login credentials
● Gaming apps / Social apps: 4x more likely to leak login credentials or email address; 1.5x more likely to include a high risk vulnerability
10. 82% of devices tested by the Vulnerability Test Suite for Android had at least one of 25 vulnerabilities
11. The Challenges
Teams face a variety of challenges with security in the SDLC
12. Teams are overwhelmed with security testing
100+: Many enterprises have more than 100 unique, internal apps
13. Source code analysis has too many false positives
● Testing reports false positives instead of identifying actual issues
● Static only
● Misses key tests such as insecure data storage or authentication issues
14. Teams lack a process for mobile
● App testing is repetitive, and manually setting up testing environments takes time
● Inconsistent methods and results across team members
15. Teams are finding vulnerabilities too late in the SDLC
The back-and-forth between developers and analysts wastes time and money
16. The longer you wait, the more it costs
Chart of relative cost to fix by SDLC phase:
● Requirements / Architecture
● Coding
● Integration / Component Testing
● System / Acceptance Testing
● Production / Post-Release
Source: National Institute of Standards and Technology
The cost for fixing vulnerabilities is 30x higher after an application has been deployed
17. How to Scale
You can save time, money, and effort
18. What needs to be a part of the process for mobile?
● Structure a team that can integrate testing to be efficient
● Emphasize process and similar tools across teams
● Automation (both static and dynamic)
● Test early in the SDLC, with remediation recommendations built in
19. Lab Workstation
Analyst-driven mobile app security testing kit
20. Lab Automated
Automated app analysis with continuous integration
● Heading to RSA Conference? Stop by our booth # 3235 for a live demo.
● Set up a demo. Contact us at www.nowsecure.com/contact.
21. Questions?
kstrzempka@nowsecure.com
+1 312.878.1100
@kstrzemp