Learn from the mobile app security fails of others and understand how to get Android app security right the first time around.
A quarter of mobile apps include flaws that expose sensitive personal or corporate data that can be used for illicit purposes. And the security of a mobile app has a lot to do with a user’s impression of its quality.
Fixing vulnerabilities in the late stages of your build-and-deploy cycle is a hassle, and more expensive. You’ve got to switch contexts, dig through code you haven’t thought about in weeks (or didn’t develop in the first place), and delay progress on your latest sprint.
So, what can you, the savvy Android developer, do to get security right the first time around and save yourself work later?
Or, if you’re a security practitioner, how can you give security guidance up front to help your colleagues on the development team work more efficiently?
It's not about you: Mobile security in 2016NowSecure
Legacy network security approaches define and defend a perimeter. Mobile technology explodes boundaries with apps you’re not always aware of on public networks you don't control. Dual-use devices complicate managing access to sensitive corporate resources and protecting endpoints. Traditional approaches to network, cloud, and application security don't solve the mobile security challenge.
Sam Bakken, Content Marketing Manager at NowSecure, discusses the state of mobile security in 2016 and shares strategies for managing the boundless mobile periphery.
The fundamentals of Android and iOS app securityNowSecure
Looking for a high-intensity bootcamp covering the basics of secure mobile development? This slideshare was originally presented by mobile security expert and NowSecure CEO Andrew Hoog for a 60-minute workshop at Security by Design covering the following topics:
+ Introduction to identifying security flaws in mobile apps (and how to avoid them)
+ Examples of secure and insecure mobile apps and how to secure them
+ Overview of secure mobile development based on the NowSecure Secure Mobile Development Best Practices
How to scale mobile application security testingNowSecure
Mobile security testing during application development is difficult - but it doesn’t have to be. Director of Mobile Services Katie Strzempka highlights how you can incorporate automated mobile application security testing throughout every step of your app SDLC.
Mobile Penetration Testing: Episode II - Attack of the CodeNowSecure
In this, the second, episode of our mobile penetration testing trilogy, NowSecure Solutions Engineer Michael Krueger takes you beyond the device. Michael will explain how to perform network and web services/API testing to capture data exposed in transit between apps and backend services -- some of the highest risk security flaws around.
This high intensity 30-minute crash course covers:
+ Man-in-the-middle (MITM) attacks
+ Taking advantage of improper certificate validation
+ Demonstration of a privilege escalation exploit of a web back-end vulnerability
Watch it here: https://youtu.be/bT1-7ZkSdNY
Preparing for the inevitable: The mobile incident response playbookNowSecure
NowSecure CEO Andrew Hoog offers an encore session of his highly anticipated talk at RSA Conference 2016, “The incident response playbook for Android and iOS."
This presentation covers the challenges in mobile as they pertain to incident response, how and why mobile differs from traditional incident response, and building blocks you can use to craft your own mobile incident response plan.
To learn more about mobile incident response, bookmark Andrew's free book "Incident Response Playbook for Android and iOS" here: https://www.nowsecure.com/resources/mobile-incident-response/en/
Shifting left: Continuous testing for better app quality and securityNowSecure
Learn how automating mobile app security testing can support continuous integration and DevOps initiatives in this webinar with Steven Winter, Founder & Chief Strategist of Guerrilla QA, and Andrew Hoog, CEO & Co-founder of NowSecure.
Five mobile security challenges facing the enterpriseNowSecure
Mobile devices have permeated our personal lives, and increasingly impact all types of enterprise. The information security industry is just beginning to catch up to the dramatic impact of mobile. Since inception, NowSecure has focused entirely on mobile. Content Marketing Manager Sam Bakken shares insights into 5 key challenges facing mobile enterprise.
iOS and Android security: Differences you need to knowNowSecure
NowSecure Director of Research David Weistein recently spoke at the Security by Design Meetup in Washington, DC. This presentation offers information about risks impacting mobile and the differences between iOS and Android security.
Recap here: https://www.nowsecure.com/blog/2016/08/24/android-buckles-down-and-ios-opens-up-trends-in-platform-security-affecting-developers/
It's not about you: Mobile security in 2016NowSecure
Legacy network security approaches define and defend a perimeter. Mobile technology explodes boundaries with apps you’re not always aware of on public networks you don't control. Dual-use devices complicate managing access to sensitive corporate resources and protecting endpoints. Traditional approaches to network, cloud, and application security don't solve the mobile security challenge.
Sam Bakken, Content Marketing Manager at NowSecure, discusses the state of mobile security in 2016 and shares strategies for managing the boundless mobile periphery.
The fundamentals of Android and iOS app securityNowSecure
Looking for a high-intensity bootcamp covering the basics of secure mobile development? This slideshare was originally presented by mobile security expert and NowSecure CEO Andrew Hoog for a 60-minute workshop at Security by Design covering the following topics:
+ Introduction to identifying security flaws in mobile apps (and how to avoid them)
+ Examples of secure and insecure mobile apps and how to secure them
+ Overview of secure mobile development based on the NowSecure Secure Mobile Development Best Practices
How to scale mobile application security testingNowSecure
Mobile security testing during application development is difficult - but it doesn’t have to be. Director of Mobile Services Katie Strzempka highlights how you can incorporate automated mobile application security testing throughout every step of your app SDLC.
Mobile Penetration Testing: Episode II - Attack of the CodeNowSecure
In this, the second, episode of our mobile penetration testing trilogy, NowSecure Solutions Engineer Michael Krueger takes you beyond the device. Michael will explain how to perform network and web services/API testing to capture data exposed in transit between apps and backend services -- some of the highest risk security flaws around.
This high intensity 30-minute crash course covers:
+ Man-in-the-middle (MITM) attacks
+ Taking advantage of improper certificate validation
+ Demonstration of a privilege escalation exploit of a web back-end vulnerability
Watch it here: https://youtu.be/bT1-7ZkSdNY
Preparing for the inevitable: The mobile incident response playbookNowSecure
NowSecure CEO Andrew Hoog offers an encore session of his highly anticipated talk at RSA Conference 2016, “The incident response playbook for Android and iOS."
This presentation covers the challenges in mobile as they pertain to incident response, how and why mobile differs from traditional incident response, and building blocks you can use to craft your own mobile incident response plan.
To learn more about mobile incident response, bookmark Andrew's free book "Incident Response Playbook for Android and iOS" here: https://www.nowsecure.com/resources/mobile-incident-response/en/
Shifting left: Continuous testing for better app quality and securityNowSecure
Learn how automating mobile app security testing can support continuous integration and DevOps initiatives in this webinar with Steven Winter, Founder & Chief Strategist of Guerrilla QA, and Andrew Hoog, CEO & Co-founder of NowSecure.
Five mobile security challenges facing the enterpriseNowSecure
Mobile devices have permeated our personal lives, and increasingly impact all types of enterprise. The information security industry is just beginning to catch up to the dramatic impact of mobile. Since inception, NowSecure has focused entirely on mobile. Content Marketing Manager Sam Bakken shares insights into 5 key challenges facing mobile enterprise.
iOS and Android security: Differences you need to knowNowSecure
NowSecure Director of Research David Weistein recently spoke at the Security by Design Meetup in Washington, DC. This presentation offers information about risks impacting mobile and the differences between iOS and Android security.
Recap here: https://www.nowsecure.com/blog/2016/08/24/android-buckles-down-and-ios-opens-up-trends-in-platform-security-affecting-developers/
Mobile Penetration Testing: Episode III - Attack of the CodeNowSecure
In the final installment of our mobile penetration testing trilogy, we dive deep to find security flaws in mobile apps by dissecting the code with reverse-engineering and code analysis.
Mobile Penetration Testing: Episode 1 - The Forensic MenaceNowSecure
This is Episode 1 of a trilogy on mobile penetration testing - forensic analysis of data at rest on the device.
Episode 2 - Return of the Network/Back-end
http://www.slideshare.net/nowsecure/mobile-penetration-testing-episode-ii-attack-of-the-code
Episode 3 - Attack of the Code
http://www.slideshare.net/nowsecure/mobile-penetration-testing-episode-iii-attack-of-the-code
How Android and iOS Security Enhancements Complicate Threat DetectionNowSecure
This is an encore presentation of NowSecure CEO Andrew Hoog’s talk “How Android and iOS Security Enhancements Complicate Threat Detection” from RSA Conference 2017. You'll learn about:
+ Five security enhancements in the Android and iOS platforms that present obstacles to defenders and incident responders
+ Tips on overcoming those challenges
+ The open-source Mobile Triage toolset that facilitates the collection of mobile threat and vulnerability data
Learn about the OWASP Top 10 Mobile Risks and best practices to avoid mobile application security pitfalls such as insecure data storage, insecure communication, reverse engineering, and more.
These slides were originally presented on a webinar November 2016. Watch the presentation here: https://youtu.be/LuDe3u0cSVs
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDANowSecure
From the creators behind top mobile tools R2 and FRIDA, get the inside scoop on the R2 and FRIDA OSS projects. Led by NowSecure Research Team including David Weinstein, Ole André and Pancake (Sergi Àlvarez), this webinar speaks to our favorite mobile AST OSS projects. Peek behind the curtain on these tools, check out on their latest updates, and learn about potential future enhancements.
The session will provide the risk of insecure mobile application development in various types with demonstration; Client-side, Communication channel and Server side. The presentation includes case study of insecure development practice which lead attacker to abuse the vulnerable application (e.g. Coin/Gem cheating on gaming app, Bypassing security control on client-side and server-side).
View recorded webinar - http://get.skycure.com/accessibility-clickjacking-webinar
Accessibility Clickjacking, a vulnerability discovered by Skycure’s Mobile Threat Defense Research Team, is a method hackers may use to gain complete control over an Android device, including acquiring elevated privileges and exposing the content of all apps on the device.
It can compromise container solutions and is extremely difficult to detect.
Due to the fast-growing on mobile application trends along with business competition, the lack of security concern on mobile development become critical issues which may lead to reputation damage, financial loss and non-compliance (e.g. Privacy and Cybersecurity laws). It's time to focus on Mobile Defense-in-Dev(Depth) !!
The talk will provide the real-world case-studies on mobile application threats in conjunction with the cybersecurity risk mitigation using Secure development standard and guideline which should be integrated into the development process.
Mobile Penetration Testing: Episode III - Attack of the CodeNowSecure
In the final installment of our mobile penetration testing trilogy, we dive deep to find security flaws in mobile apps by dissecting the code with reverse-engineering and code analysis.
Mobile Penetration Testing: Episode 1 - The Forensic MenaceNowSecure
This is Episode 1 of a trilogy on mobile penetration testing - forensic analysis of data at rest on the device.
Episode 2 - Return of the Network/Back-end
http://www.slideshare.net/nowsecure/mobile-penetration-testing-episode-ii-attack-of-the-code
Episode 3 - Attack of the Code
http://www.slideshare.net/nowsecure/mobile-penetration-testing-episode-iii-attack-of-the-code
How Android and iOS Security Enhancements Complicate Threat DetectionNowSecure
This is an encore presentation of NowSecure CEO Andrew Hoog’s talk “How Android and iOS Security Enhancements Complicate Threat Detection” from RSA Conference 2017. You'll learn about:
+ Five security enhancements in the Android and iOS platforms that present obstacles to defenders and incident responders
+ Tips on overcoming those challenges
+ The open-source Mobile Triage toolset that facilitates the collection of mobile threat and vulnerability data
Learn about the OWASP Top 10 Mobile Risks and best practices to avoid mobile application security pitfalls such as insecure data storage, insecure communication, reverse engineering, and more.
These slides were originally presented on a webinar November 2016. Watch the presentation here: https://youtu.be/LuDe3u0cSVs
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDANowSecure
From the creators behind top mobile tools R2 and FRIDA, get the inside scoop on the R2 and FRIDA OSS projects. Led by NowSecure Research Team including David Weinstein, Ole André and Pancake (Sergi Àlvarez), this webinar speaks to our favorite mobile AST OSS projects. Peek behind the curtain on these tools, check out on their latest updates, and learn about potential future enhancements.
The session will provide the risk of insecure mobile application development in various types with demonstration; Client-side, Communication channel and Server side. The presentation includes case study of insecure development practice which lead attacker to abuse the vulnerable application (e.g. Coin/Gem cheating on gaming app, Bypassing security control on client-side and server-side).
View recorded webinar - http://get.skycure.com/accessibility-clickjacking-webinar
Accessibility Clickjacking, a vulnerability discovered by Skycure’s Mobile Threat Defense Research Team, is a method hackers may use to gain complete control over an Android device, including acquiring elevated privileges and exposing the content of all apps on the device.
It can compromise container solutions and is extremely difficult to detect.
Due to the fast-growing on mobile application trends along with business competition, the lack of security concern on mobile development become critical issues which may lead to reputation damage, financial loss and non-compliance (e.g. Privacy and Cybersecurity laws). It's time to focus on Mobile Defense-in-Dev(Depth) !!
The talk will provide the real-world case-studies on mobile application threats in conjunction with the cybersecurity risk mitigation using Secure development standard and guideline which should be integrated into the development process.
This PPT Gives Information about:
1. Database basics,
2. Indexes,
3. PHP MyAdmin Connect & Pconnect,
4. MySQL Create,
5. MySQL Insert,
6. MySQL Select,
7. MySQL Update,
8. MySQL Delete,
9. MySQL Truncate,
10.MySQL Drop
Debunking the Top 5 Myths About Mobile AppSecNowSecure
Originally presented June 24, 2019
https://www.nowsecure.com/resource/debunking-the-top-5-myths-about-mobile-appsec/
It’s hard to believe that mobile app stores are more than a decade old yet some crazy misconceptions about mobile application security still linger.
Have you heard these before?
- Testing mobile apps is the same as web apps
- SAST is good enough for mobile, you don’t need DAST
- Mobile apps are secure because Apple and Google security test them
- Outsourcing a penetration test once per year is sufficient to mitigate risk
Sort fact from fiction and learn how to ensure your mobile appsec program is on the right track. You may discover some surprising things about modern mobile application security.
Mobile Application Security Threats through the Eyes of the Attackerbugcrowd
As an active security researcher with immense professional expertise in application security, Jason Haddix joins us to explain the common attack vectors that face today’s mobile applications -- from a hacker’s perspective.
The OWASP Mobile Top 10 is a nice start for any developer or a security professional, but the road is still ahead and there is so much to do to destroy most of the possible doors that hackers can use to find out about app’s vulnerabilities. We look forward to the OWASP to continue their work, but let’s not stay on the sidelines!
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated IndustriesNowSecure
Originally Presenter October 18, 2018
Enterprise-grade ephemeral messaging provider Vaporstream knows firsthand that security needs to be built into the software development lifecycle rather than bolted on. Serving highly regulated industries such as federal government, energy, financial services and healthcare, Vaporstream’s leakproof communication platform provides the highest level of assurance that compliance professionals require. Vaporstream partners with NowSecure to test and certify its Android and iOS mobile messaging apps.
This case study webinar covers how Vaporstream adheres to a rigorous secure app lifecycle in order to meet customer expectations for secure communications:
+ Designing a secure app architecture & development process
+ Incorporating security testing into the release cycle
+ Comprehensive penetration testing
Delivering secure mobile financial services (MFS) - "Frictionless" vs diligenceNowSecure
How do you balance UX and security for mobile banking apps? Check out the slides originally presented on May 2 sharing FFIEC guidance and a study of vulnerabilities 30 mobile banking apps (15 iOS and 15 Android) from 15 financial institutions.
Tips and Tricks for Building Secure Mobile AppsTechWell
Mobile application development is now a mission-critical component of IT organizations and a big part of software industry’s landscape. Due to the security threats associated with mobile devices, it is critical we build our apps—from the ground up—to be secure and trustworthy. However, many application developers and testers do not understand how to build and test secure mobile applications. Jeffery Payne discusses the risks associated with mobile platforms/applications and describes proven practices for ensuring the safety of your mobile applications. Jeffery delves into the unique nuances of mobile platforms and how these differences impact the security approach when you are developing and testing mobile applications. Topics include session management, data encryption, securing legacy code, and platform security models. Learn what to watch out for when you start developing your next mobile app and take away tips and tricks for effectively securing and testing existing apps.
Presentation I gave at ISSA DC on June 21, 2011. It introduces the OWASP Mobile Security Project, and covers at a high level: Overview of the Android platform, Mobile Top 10 Risks, Threat Modeling for Android.
Given this, it's imperative for companies to think about mobile app security for both themselves and their customers. To do this, you must collaborate with the best mobile app development company in Bangalore that is familiar with cybersecurity.
Tips and Tricks for Building Secure Mobile AppsTechWell
Mobile application development is now a mission-critical component of many IT organizations. Due to the security threats associated with mobile devices, it is critical that mobile applications are built—from the ground up—to be secure. However, many application developers and testers do not understand how to build and test secure mobile applications. Jeffery Payne discusses the risks associated with mobile platforms/applications and describes best practices for ensuring mobile applications are secure. Jeffery discusses the unique nuances of mobile platforms and how these differences impact the security approach that must be taken when building mobile applications. Topics such as session management, data encryption, securing legacy code, and platform security models are presented. Learn what to watch out for when building mobile applications, and leave with tips and tricks for effectively securing your apps.
Essentials of Web Application Security: what it is, why it matters and how to...Cenzic
Join Cenzic’s Chris Harget for an overview of the essentials of Web Application Security, including the risks, practices and tools that improve security at every stage of the application lifecycle.
Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...NowSecure
A mobile app that’s vulnerable to man-in-the-middle (MITM) attacks can allow an attacker to capture, view, and modify sensitive traffic sent and received between the app and backend servers. At NowSecure, Michael Krueger and Tony Ramirez spend their days performing penetration tests on Android and iOS apps, which include exploiting MITM vulnerabilities and helping developers fix them. These slides are from a 30-minute webinar with Michael & Tony about MITM attacks on mobile apps and how to prevent them that will cover:
-- Identifying man-in-the-middle vulnerabilities in mobile apps
-- How to execute a mobile man-in-the-middle attack
-- Right and wrong ways to implement certificate validation and certificate pinning
Top Practices You Need To Develop Secure Mobile Apps.Techugo
Developers prefer to store sensitive data in the device’s local memory to protect users’ data. However, it is best not to store sensitive data, as it could increase security risks. You have two options: keep the data in encrypted containers or key chains, but if you don’t have any other choice, it is best to do so. You can also reduce the log by using the auto-delete option, which deletes data automatically after a set time.
With the growing risk of malicious activity, mobile app security has become a top concern for developers. Users are less likely to trust unreliable apps. The above best practices will answer your concerns about creating a secure mobile application by the top mobile app development company in South Africa for your customers.
Compliance in the mobile enterprise: 5 tips to prepare for your next auditNowSecure
Mobile workforces and apps have revolutionized a number of highly regulated industries. State and federal regulations, such as the Health Information Portability and Accountability Act (HIPAA) and Sarbanes-Oxley (SOX), and industry standards, such as the PCI Data Security Standard (PCI DSS) and OWASP Top 10, have evolved as a result. So how do you achieve compliance outcomes for mobile apps?
*These slides accompany the webinar: https://youtu.be/mqIU5dDyHwM
The 10 Commandments Security Of Mobile App DevelopmentMobio Solutions
Ensure the security of your mobile apps with our "10 Commandments of Mobile App Security". From ideation to launch, we emphasize incorporating robust security measures, utilizing advanced encryption techniques, and minimizing data storage for utmost protection. Get an insight into how we craft secure, functional, and user-friendly mobile applications at Mobio Solutions.
Android P Security Updates: What You Need to KnowNowSecure
Originally presented August 23, 2018
2018 seems to be the year of privacy updates for both iOS and Android. In this webinar, Mobile Security Analyst Tony Ramirez takes a deeper look at security updates for Android including learnings from Android 8, what to expect for Android 9, and the implications for mobile app security.
Originally presented on 12/5/2017
To close out the 2017 webinar season, our mobile security expert panel will review the top mobile threats of 2017 (e.g., Cloudbleed, Bootstomp, Broadpwn, and more) and then debate what’s next in mobile app security and mobile app security testing for 2018. See the slides from this spirited discussion of the security ramifications of the new iPhone X, iOS 11, Android 8, the latest innovations in the mobile app security testing, and more. Compare your mobile app security and mobile app security testing initiatives with what our experts say should be your top priorities in 2018.
Similar to How to make Android apps secure: dos and don’ts (20)
From Tangled Mess to Organized Flow: A Mobile DevSecOps Reference ArchitectureNowSecure
Originally Recorded March 18, 2020
DevSecOps enthusiast D.J. Schleen unveils the latest updates to the DevSecOps Reference Architecture, an extensive chart of open-source tools and third-party applications that now includes mobile app pipelines. Join us to score your own copy and learn:
+ The most popular tools and integrations to automate and scale your pipeline
+ How and where mobile DevSecOps differs from web
+ Where to apply dynamic and interactive application security testing to speed app delivery
Originally Recorded July 19, 2019
Apple and Google’s forthcoming mobile operating systems boast a bevy of privacy features that enable users to seize more control of their personal data.
NowSecure Mobile Security Analyst Tony Ramirez will dives into Android and iOS application security and privacy enhancements and what they mean for mobile DevSecOps teams. Join us to learn about:
+ Increased transparency and granularity over location tracking
+ New protections for sensitive information
+ Safer data exchanges in Android Q through TLS 1.3 encryption
OSS Tools: Creating a Reverse Engineering Plug-in for r2fridaNowSecure
Hear Radare creator Sergi (Pancake) Alvarez conduct a deep dive of r2frida, a framework that combines the best of Frida and Radare. Frida and Radare are leading open-source reverse engineering tools sponsored by NowSecure. Targeting intermediate to advanced users and security analysts, this overview will highlight the r2frida plug-in architecture.
Watch the webinar: http://bit.ly/2DBHt7M
Watch this webinar to learn:
+ What dynamic and static techniques the individual tools provide to assist security analysts with reverse engineering;
+ Why r2frida’s plugin architecture eases the task of performing reverse engineering workflows;
+ How to create your own new plug-in.
Building a Mobile App Pen Testing BlueprintNowSecure
Mobile penetration testing helps uncover app exploits and vulnerabilities and is a crucial component of risk assessment. However, many people fear the complexity and don’t know where to get started.
It all begins with a solid plan of attack. NowSecure veterans of hundreds of mobile app pen tests will walk you through the process of assembling a pen testing playbook to hack your app.
This webinar covers:
+Tips and tricks for targeting common issues
+The best tools for the job
+How to document findings to close the loop on vulnerabilities.
Originally presented January 23, 2019 -https://www.brighttalk.com/webcast/15139/344870?utm_source=Slideshare&utm_medium=referral&utm_campaign=344870
2019 is already shaping up to be a standout year for mobile appsec and secure DevOps. If we can say anything with certainty, it’s that cybersecurity is unpredictable and the wave of DevSecOps is unstoppable. But we foresee intensifying concerns about digital privacy amidst high-profile breaches.
This deck lists our predictions about what’s in store for our customers and the community in the year ahead. Our veteran industry leaders will prognosticate about developments in these areas:
+ Mobile ecosystem: OSes, devices, apps and app stores
+ Evolving mobile security threats
+ The rise of DevSecOps and the automation of everything
+ The disruptive economics of automating manual pen testing
Jeff's Journey: Best Practices for Securing Mobile App DevOpsNowSecure
Originally Presented December 6, 2018
As DevOps teams seek to accelerate the mobile app dev pipeline, they rely on tools and best practices to gain speed. Because our engineering leader Jeff Fairman previously ran software development for a top online brokerage, he understands the challenges of scaling security testing to meet current demands.
After discovering the NowSecure automated testing platform, Jeff Fairman was so impressed with the tech that he joined the company to help DevOps and security teams build and release safe mobile apps. Listen this webinar to learn:
+ Why you need dynamic application security (DAST) testing to flag vulnerabilities in the post-build phase
+ The unique requirements, toolchain options and best practices for secure mobile DevOps
+ How to combine continuous daily testing with outsourced pen testing.
A Risk-Based Mobile App Security Testing StrategyNowSecure
Originally presented on September 19, 2018
Given the volume and velocity of mobile apps, there simply aren’t enough resources to test them all in the same manner. There has to be a better way. NowSecure introduces a new framework to help organizations craft a Risk-Based Mobile App Security Testing strategy.
Watch the presentation here: https://www.nowsecure.com/webinars/a-risk-based-mobile-app-security-testing-strategy/
Originally presented on June 12, 2018
Much of the improvements for iOS 12 focused on privacy and reliability. What prompted these changes and how will it affect the path forward? In this discussion, Tony Ramirez, Mobile Security Analyst, shares about the following:
+ Learnings & remediations from iOS 11
+ Predictions coming out of WWDC
+ How we see the newest software update, iOS 12, affecting mobile app security testing
5 Tips for Agile Mobile App Security TestingNowSecure
Originally Presented March 21, 2018
Most mobile app penetration tests or vulnerability assessments take anywhere from a couple of days to two weeks to deliver because of the manual approaches, brittle open source stacks in homegrown testing rigs and legacy application security testing (AST) tools. The shift to agile development common in mobile app development teams has left appsec testing behind. New mobile app builds are pushed daily, weekly or monthly, and appsec testing teams struggle to keep up. Each new build brings new code, including 3rd-party libraries, and with that code comes new potential vulnerabilities.
Application security & testing teams - this one’s for you. If you’re looking for ways to join the agile approach and keep pace with the speed of your development team’s CI/CD pipeline, take stock of these 5 tips for mobile appsec testing and integrate them into your company’s workflow.
85% of App Store Apps Fail OWASP Mobile Top 10: Are you exposed?NowSecure
Originally presented on January 23, 2018
A comprehensive analysis of iOS and Android apps found that a staggering 85% of those apps fail one or more of the OWASP Mobile Top 10 criteria. Given that the average mobile device has over 89 mobile apps on it, what are the odds your employees have one or more of the apps and what’s the real risk to your business?
Mobile apps power productivity in the modern business; don’t let a few bad apps bring it down.
What attackers know about your mobile apps that you don’t: Banking & FinTechNowSecure
Our threat research team spends every waking moment reverse-engineering and cracking mobile apps and devices to help organizations reduce mobile risk. Originally presented on October 24, 2017, mobile security expert and NowSecure founder Andrew Hoog explains the attacker’s point-of-view, what attackers are looking for in mobile banking or financial services apps, and what makes your mobile app an appetizing target. He then provides tips for deploying a mobile app security testing program to ensure you proactively plug security holes, squash privacy leaks, and fill compliance gaps in your mobile apps.
Solving for Compliance: Mobile app security for banking and financial servicesNowSecure
Mobile apps fall in scope for a number of regulatory requirements that govern the banking and financial services industries, such as: guidelines from the Federal Financial Institutions Examination Council (FFIEC), the Gramm–Leach–Bliley Act (GLBA), New York State cybersecurity requirements for financial services companies, the Payment Card Industry Data Security Standard (PCI DSS), the Sarbanes-Oxley Act, and more. Luckily, a repeatable mobile app security assessment program and standardized reporting go a long way in both achieving compliance objectives and securing mobile apps and data.
Originally presented on August 22, 2017, NowSecure Security Solutions Engineer Brian Lawrence explains:
-- How and where exactly mobile apps fall in scope for various compliance regimes
-- Mobile app security issues financial institutions must identify and fix for compliance purposes
-- How assessment reports can be used to demonstrate due diligence
The amount of data collected by mobile devices and apps is shocking, and vulnerable mobile apps expose that data to compromise. In our static and dynamic analysis of hundreds-of-thousands of mobile apps, we found that 25 percent of them harbor at least one high-risk vulnerability such as collecting/transmitting location data, credentials, and more in cleartext. Mobile data may only be as secure as the weakest app on someone’s device. Mobile app developers need to protect the users of their apps by building high quality, secure apps. This presentation covers the most common mobile app vulnerabilities (including a real-world demonstration), how to identify those vulnerabilities, and what to do to remediate them.
Slides from NowSecure Senior Solutions Engineer Jon Porter's talk at the OWASP Denver Chapter's July 2017 meeting.
Vetting Mobile Apps for Corporate Use: Security EssentialsNowSecure
What does a sensible approach to approving and denying Android and iOS apps for use by staff look like? It starts with accurate, up-to-date security assessment data. NowSecure VP of Customer Success and Services Katie Strzempka covers how to take a data-driven approach to evaluating mobile apps for use at your organization.
Next-level mobile app security: A programmatic approachNowSecure
Katie Stzempka, VP of Customer Success & Services, shares some helpful guidance on how to launch and improve an internal mobile app security program. You'll learn:
-- How to unite a disarray of tasks into a mobile app security testing process
-- How to choose the right mobile app security testing tools for your maturity
-- How to establish buy-in and collaborate with developers and your DevOps team
Mobile App Crashworthiness - Securing Vehicle-to-Device (V2D) Interfaces and ...NowSecure
+ How do vulnerable mobile apps and insecure V2D communications put drivers and manufacturers at risk?
+ Applying crashworthiness and safety ratings concepts to mobile app and connected car cybersecurity
+ How to manage mobile app security defects and vulnerabilities in the connected car and mobile app development process
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
19. Let’s talk - submit questions using the chat
function in the GoToWebinar interface
+1 312.878.1100
@NowSecureMobile
www.nowsecure.com
Learn more about developing secure Android and iOS apps with the
NowSecure Secure Mobile Development Best Practices -
www.nowsecure.com/resources/secure-mobile-development/