Hear Radare creator Sergi (Pancake) Alvarez conduct a deep dive of r2frida, a framework that combines the best of Frida and Radare. Frida and Radare are leading open-source reverse engineering tools sponsored by NowSecure. Targeting intermediate to advanced users and security analysts, this overview will highlight the r2frida plug-in architecture.
Watch the webinar: http://bit.ly/2DBHt7M
Watch this webinar to learn:
+ What dynamic and static techniques the individual tools provide to assist security analysts with reverse engineering;
+ Why r2frida’s plugin architecture eases the task of performing reverse engineering workflows;
+ How to create your own new plug-in.
Debunking the Top 5 Myths About Mobile AppSecNowSecure
Originally presented June 24, 2019
https://www.nowsecure.com/resource/debunking-the-top-5-myths-about-mobile-appsec/
It’s hard to believe that mobile app stores are more than a decade old yet some crazy misconceptions about mobile application security still linger.
Have you heard these before?
- Testing mobile apps is the same as web apps
- SAST is good enough for mobile, you don’t need DAST
- Mobile apps are secure because Apple and Google security test them
- Outsourcing a penetration test once per year is sufficient to mitigate risk
Sort fact from fiction and learn how to ensure your mobile appsec program is on the right track. You may discover some surprising things about modern mobile application security.
Building a Mobile App Pen Testing BlueprintNowSecure
Mobile penetration testing helps uncover app exploits and vulnerabilities and is a crucial component of risk assessment. However, many people fear the complexity and don’t know where to get started.
It all begins with a solid plan of attack. NowSecure veterans of hundreds of mobile app pen tests will walk you through the process of assembling a pen testing playbook to hack your app.
This webinar covers:
+Tips and tricks for targeting common issues
+The best tools for the job
+How to document findings to close the loop on vulnerabilities.
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated IndustriesNowSecure
Originally Presenter October 18, 2018
Enterprise-grade ephemeral messaging provider Vaporstream knows firsthand that security needs to be built into the software development lifecycle rather than bolted on. Serving highly regulated industries such as federal government, energy, financial services and healthcare, Vaporstream’s leakproof communication platform provides the highest level of assurance that compliance professionals require. Vaporstream partners with NowSecure to test and certify its Android and iOS mobile messaging apps.
This case study webinar covers how Vaporstream adheres to a rigorous secure app lifecycle in order to meet customer expectations for secure communications:
+ Designing a secure app architecture & development process
+ Incorporating security testing into the release cycle
+ Comprehensive penetration testing
Android P Security Updates: What You Need to KnowNowSecure
Originally presented August 23, 2018
2018 seems to be the year of privacy updates for both iOS and Android. In this webinar, Mobile Security Analyst Tony Ramirez takes a deeper look at security updates for Android including learnings from Android 8, what to expect for Android 9, and the implications for mobile app security.
A Risk-Based Mobile App Security Testing StrategyNowSecure
Originally presented on September 19, 2018
Given the volume and velocity of mobile apps, there simply aren’t enough resources to test them all in the same manner. There has to be a better way. NowSecure introduces a new framework to help organizations craft a Risk-Based Mobile App Security Testing strategy.
Watch the presentation here: https://www.nowsecure.com/webinars/a-risk-based-mobile-app-security-testing-strategy/
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDANowSecure
From the creators behind top mobile tools R2 and FRIDA, get the inside scoop on the R2 and FRIDA OSS projects. Led by NowSecure Research Team including David Weinstein, Ole André and Pancake (Sergi Àlvarez), this webinar speaks to our favorite mobile AST OSS projects. Peek behind the curtain on these tools, check out on their latest updates, and learn about potential future enhancements.
Originally Recorded July 19, 2019
Apple and Google’s forthcoming mobile operating systems boast a bevy of privacy features that enable users to seize more control of their personal data.
NowSecure Mobile Security Analyst Tony Ramirez will dives into Android and iOS application security and privacy enhancements and what they mean for mobile DevSecOps teams. Join us to learn about:
+ Increased transparency and granularity over location tracking
+ New protections for sensitive information
+ Safer data exchanges in Android Q through TLS 1.3 encryption
Debunking the Top 5 Myths About Mobile AppSecNowSecure
Originally presented June 24, 2019
https://www.nowsecure.com/resource/debunking-the-top-5-myths-about-mobile-appsec/
It’s hard to believe that mobile app stores are more than a decade old yet some crazy misconceptions about mobile application security still linger.
Have you heard these before?
- Testing mobile apps is the same as web apps
- SAST is good enough for mobile, you don’t need DAST
- Mobile apps are secure because Apple and Google security test them
- Outsourcing a penetration test once per year is sufficient to mitigate risk
Sort fact from fiction and learn how to ensure your mobile appsec program is on the right track. You may discover some surprising things about modern mobile application security.
Building a Mobile App Pen Testing BlueprintNowSecure
Mobile penetration testing helps uncover app exploits and vulnerabilities and is a crucial component of risk assessment. However, many people fear the complexity and don’t know where to get started.
It all begins with a solid plan of attack. NowSecure veterans of hundreds of mobile app pen tests will walk you through the process of assembling a pen testing playbook to hack your app.
This webinar covers:
+Tips and tricks for targeting common issues
+The best tools for the job
+How to document findings to close the loop on vulnerabilities.
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated IndustriesNowSecure
Originally Presenter October 18, 2018
Enterprise-grade ephemeral messaging provider Vaporstream knows firsthand that security needs to be built into the software development lifecycle rather than bolted on. Serving highly regulated industries such as federal government, energy, financial services and healthcare, Vaporstream’s leakproof communication platform provides the highest level of assurance that compliance professionals require. Vaporstream partners with NowSecure to test and certify its Android and iOS mobile messaging apps.
This case study webinar covers how Vaporstream adheres to a rigorous secure app lifecycle in order to meet customer expectations for secure communications:
+ Designing a secure app architecture & development process
+ Incorporating security testing into the release cycle
+ Comprehensive penetration testing
Android P Security Updates: What You Need to KnowNowSecure
Originally presented August 23, 2018
2018 seems to be the year of privacy updates for both iOS and Android. In this webinar, Mobile Security Analyst Tony Ramirez takes a deeper look at security updates for Android including learnings from Android 8, what to expect for Android 9, and the implications for mobile app security.
A Risk-Based Mobile App Security Testing StrategyNowSecure
Originally presented on September 19, 2018
Given the volume and velocity of mobile apps, there simply aren’t enough resources to test them all in the same manner. There has to be a better way. NowSecure introduces a new framework to help organizations craft a Risk-Based Mobile App Security Testing strategy.
Watch the presentation here: https://www.nowsecure.com/webinars/a-risk-based-mobile-app-security-testing-strategy/
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDANowSecure
From the creators behind top mobile tools R2 and FRIDA, get the inside scoop on the R2 and FRIDA OSS projects. Led by NowSecure Research Team including David Weinstein, Ole André and Pancake (Sergi Àlvarez), this webinar speaks to our favorite mobile AST OSS projects. Peek behind the curtain on these tools, check out on their latest updates, and learn about potential future enhancements.
Originally Recorded July 19, 2019
Apple and Google’s forthcoming mobile operating systems boast a bevy of privacy features that enable users to seize more control of their personal data.
NowSecure Mobile Security Analyst Tony Ramirez will dives into Android and iOS application security and privacy enhancements and what they mean for mobile DevSecOps teams. Join us to learn about:
+ Increased transparency and granularity over location tracking
+ New protections for sensitive information
+ Safer data exchanges in Android Q through TLS 1.3 encryption
Originally presented January 23, 2019 -https://www.brighttalk.com/webcast/15139/344870?utm_source=Slideshare&utm_medium=referral&utm_campaign=344870
2019 is already shaping up to be a standout year for mobile appsec and secure DevOps. If we can say anything with certainty, it’s that cybersecurity is unpredictable and the wave of DevSecOps is unstoppable. But we foresee intensifying concerns about digital privacy amidst high-profile breaches.
This deck lists our predictions about what’s in store for our customers and the community in the year ahead. Our veteran industry leaders will prognosticate about developments in these areas:
+ Mobile ecosystem: OSes, devices, apps and app stores
+ Evolving mobile security threats
+ The rise of DevSecOps and the automation of everything
+ The disruptive economics of automating manual pen testing
From Tangled Mess to Organized Flow: A Mobile DevSecOps Reference ArchitectureNowSecure
Originally Recorded March 18, 2020
DevSecOps enthusiast D.J. Schleen unveils the latest updates to the DevSecOps Reference Architecture, an extensive chart of open-source tools and third-party applications that now includes mobile app pipelines. Join us to score your own copy and learn:
+ The most popular tools and integrations to automate and scale your pipeline
+ How and where mobile DevSecOps differs from web
+ Where to apply dynamic and interactive application security testing to speed app delivery
5 Tips for Agile Mobile App Security TestingNowSecure
Originally Presented March 21, 2018
Most mobile app penetration tests or vulnerability assessments take anywhere from a couple of days to two weeks to deliver because of the manual approaches, brittle open source stacks in homegrown testing rigs and legacy application security testing (AST) tools. The shift to agile development common in mobile app development teams has left appsec testing behind. New mobile app builds are pushed daily, weekly or monthly, and appsec testing teams struggle to keep up. Each new build brings new code, including 3rd-party libraries, and with that code comes new potential vulnerabilities.
Application security & testing teams - this one’s for you. If you’re looking for ways to join the agile approach and keep pace with the speed of your development team’s CI/CD pipeline, take stock of these 5 tips for mobile appsec testing and integrate them into your company’s workflow.
85% of App Store Apps Fail OWASP Mobile Top 10: Are you exposed?NowSecure
Originally presented on January 23, 2018
A comprehensive analysis of iOS and Android apps found that a staggering 85% of those apps fail one or more of the OWASP Mobile Top 10 criteria. Given that the average mobile device has over 89 mobile apps on it, what are the odds your employees have one or more of the apps and what’s the real risk to your business?
Mobile apps power productivity in the modern business; don’t let a few bad apps bring it down.
Mobile Penetration Testing: Episode III - Attack of the CodeNowSecure
In the final installment of our mobile penetration testing trilogy, we dive deep to find security flaws in mobile apps by dissecting the code with reverse-engineering and code analysis.
How Android and iOS Security Enhancements Complicate Threat DetectionNowSecure
This is an encore presentation of NowSecure CEO Andrew Hoog’s talk “How Android and iOS Security Enhancements Complicate Threat Detection” from RSA Conference 2017. You'll learn about:
+ Five security enhancements in the Android and iOS platforms that present obstacles to defenders and incident responders
+ Tips on overcoming those challenges
+ The open-source Mobile Triage toolset that facilitates the collection of mobile threat and vulnerability data
Mobile Penetration Testing: Episode 1 - The Forensic MenaceNowSecure
This is Episode 1 of a trilogy on mobile penetration testing - forensic analysis of data at rest on the device.
Episode 2 - Return of the Network/Back-end
http://www.slideshare.net/nowsecure/mobile-penetration-testing-episode-ii-attack-of-the-code
Episode 3 - Attack of the Code
http://www.slideshare.net/nowsecure/mobile-penetration-testing-episode-iii-attack-of-the-code
Originally presented on 12/5/2017
To close out the 2017 webinar season, our mobile security expert panel will review the top mobile threats of 2017 (e.g., Cloudbleed, Bootstomp, Broadpwn, and more) and then debate what’s next in mobile app security and mobile app security testing for 2018. See the slides from this spirited discussion of the security ramifications of the new iPhone X, iOS 11, Android 8, the latest innovations in the mobile app security testing, and more. Compare your mobile app security and mobile app security testing initiatives with what our experts say should be your top priorities in 2018.
Backstage Tour of Identity - London Identity SummitForgeRock
This session covers the challenges that online retailer “Band Materials” now face as the business grows and the external customer base increases to internet scale. What steps can the management take to transform their customer identity landscape? This backstage tour will cover the live deployment and configuration of components within the ForgeRock Identity Platform.
The session includes interactive discussion and feature:
- Single View of the Customer
- Social media registration
- Multi-Factor Single Sign On
- Consent driven sharing
- IoT integration
You will leave the tour with a good understanding of how to deploy large scale digital identity projects and where you should start.
The fundamentals of Android and iOS app securityNowSecure
Looking for a high-intensity bootcamp covering the basics of secure mobile development? This slideshare was originally presented by mobile security expert and NowSecure CEO Andrew Hoog for a 60-minute workshop at Security by Design covering the following topics:
+ Introduction to identifying security flaws in mobile apps (and how to avoid them)
+ Examples of secure and insecure mobile apps and how to secure them
+ Overview of secure mobile development based on the NowSecure Secure Mobile Development Best Practices
Due to the fast-growing on mobile application trends along with business competition, the lack of security concern on mobile development become critical issues which may lead to reputation damage, financial loss and non-compliance (e.g. Privacy and Cybersecurity laws). It's time to focus on Mobile Defense-in-Dev(Depth) !!
The talk will provide the real-world case-studies on mobile application threats in conjunction with the cybersecurity risk mitigation using Secure development standard and guideline which should be integrated into the development process.
Identity Relationship Management - The Right Approach for a Complex Digital W...ForgeRock
In this webinar, ForgeRock experts show you how identity can be used for more than just allowing people to login into applications, and how it is the key to unlocking a personalized user experience using an Identity Relationship Management approach. Also, why the ForgeRock Platform is the right solution for your legacy, current day, and future identity challenges.
Learn about the OWASP Top 10 Mobile Risks and best practices to avoid mobile application security pitfalls such as insecure data storage, insecure communication, reverse engineering, and more.
These slides were originally presented on a webinar November 2016. Watch the presentation here: https://youtu.be/LuDe3u0cSVs
iOS and Android security: Differences you need to knowNowSecure
NowSecure Director of Research David Weistein recently spoke at the Security by Design Meetup in Washington, DC. This presentation offers information about risks impacting mobile and the differences between iOS and Android security.
Recap here: https://www.nowsecure.com/blog/2016/08/24/android-buckles-down-and-ios-opens-up-trends-in-platform-security-affecting-developers/
The OWASP Mobile Top 10 is a nice start for any developer or a security professional, but the road is still ahead and there is so much to do to destroy most of the possible doors that hackers can use to find out about app’s vulnerabilities. We look forward to the OWASP to continue their work, but let’s not stay on the sidelines!
The session will provide the risk of insecure mobile application development in various types with demonstration; Client-side, Communication channel and Server side. The presentation includes case study of insecure development practice which lead attacker to abuse the vulnerable application (e.g. Coin/Gem cheating on gaming app, Bypassing security control on client-side and server-side).
Lightning Talk: From Sinatra to Grape.pdfRenato675806
When AppTweak started we used Sinatra for our APIs but as time went by we were looking for a better solution to help us document our endpoints, both internal and external. Then we chose Grape.
This talk is going to give an overview of Android operating system and it´s apps ecosystem from the security point of view of a penetration tester.
So lets dive into topics like Pentest Environment Setup, Tools of the Trade, App Analysis and some security hints for Android developers.
Originally presented January 23, 2019 -https://www.brighttalk.com/webcast/15139/344870?utm_source=Slideshare&utm_medium=referral&utm_campaign=344870
2019 is already shaping up to be a standout year for mobile appsec and secure DevOps. If we can say anything with certainty, it’s that cybersecurity is unpredictable and the wave of DevSecOps is unstoppable. But we foresee intensifying concerns about digital privacy amidst high-profile breaches.
This deck lists our predictions about what’s in store for our customers and the community in the year ahead. Our veteran industry leaders will prognosticate about developments in these areas:
+ Mobile ecosystem: OSes, devices, apps and app stores
+ Evolving mobile security threats
+ The rise of DevSecOps and the automation of everything
+ The disruptive economics of automating manual pen testing
From Tangled Mess to Organized Flow: A Mobile DevSecOps Reference ArchitectureNowSecure
Originally Recorded March 18, 2020
DevSecOps enthusiast D.J. Schleen unveils the latest updates to the DevSecOps Reference Architecture, an extensive chart of open-source tools and third-party applications that now includes mobile app pipelines. Join us to score your own copy and learn:
+ The most popular tools and integrations to automate and scale your pipeline
+ How and where mobile DevSecOps differs from web
+ Where to apply dynamic and interactive application security testing to speed app delivery
5 Tips for Agile Mobile App Security TestingNowSecure
Originally Presented March 21, 2018
Most mobile app penetration tests or vulnerability assessments take anywhere from a couple of days to two weeks to deliver because of the manual approaches, brittle open source stacks in homegrown testing rigs and legacy application security testing (AST) tools. The shift to agile development common in mobile app development teams has left appsec testing behind. New mobile app builds are pushed daily, weekly or monthly, and appsec testing teams struggle to keep up. Each new build brings new code, including 3rd-party libraries, and with that code comes new potential vulnerabilities.
Application security & testing teams - this one’s for you. If you’re looking for ways to join the agile approach and keep pace with the speed of your development team’s CI/CD pipeline, take stock of these 5 tips for mobile appsec testing and integrate them into your company’s workflow.
85% of App Store Apps Fail OWASP Mobile Top 10: Are you exposed?NowSecure
Originally presented on January 23, 2018
A comprehensive analysis of iOS and Android apps found that a staggering 85% of those apps fail one or more of the OWASP Mobile Top 10 criteria. Given that the average mobile device has over 89 mobile apps on it, what are the odds your employees have one or more of the apps and what’s the real risk to your business?
Mobile apps power productivity in the modern business; don’t let a few bad apps bring it down.
Mobile Penetration Testing: Episode III - Attack of the CodeNowSecure
In the final installment of our mobile penetration testing trilogy, we dive deep to find security flaws in mobile apps by dissecting the code with reverse-engineering and code analysis.
How Android and iOS Security Enhancements Complicate Threat DetectionNowSecure
This is an encore presentation of NowSecure CEO Andrew Hoog’s talk “How Android and iOS Security Enhancements Complicate Threat Detection” from RSA Conference 2017. You'll learn about:
+ Five security enhancements in the Android and iOS platforms that present obstacles to defenders and incident responders
+ Tips on overcoming those challenges
+ The open-source Mobile Triage toolset that facilitates the collection of mobile threat and vulnerability data
Mobile Penetration Testing: Episode 1 - The Forensic MenaceNowSecure
This is Episode 1 of a trilogy on mobile penetration testing - forensic analysis of data at rest on the device.
Episode 2 - Return of the Network/Back-end
http://www.slideshare.net/nowsecure/mobile-penetration-testing-episode-ii-attack-of-the-code
Episode 3 - Attack of the Code
http://www.slideshare.net/nowsecure/mobile-penetration-testing-episode-iii-attack-of-the-code
Originally presented on 12/5/2017
To close out the 2017 webinar season, our mobile security expert panel will review the top mobile threats of 2017 (e.g., Cloudbleed, Bootstomp, Broadpwn, and more) and then debate what’s next in mobile app security and mobile app security testing for 2018. See the slides from this spirited discussion of the security ramifications of the new iPhone X, iOS 11, Android 8, the latest innovations in the mobile app security testing, and more. Compare your mobile app security and mobile app security testing initiatives with what our experts say should be your top priorities in 2018.
Backstage Tour of Identity - London Identity SummitForgeRock
This session covers the challenges that online retailer “Band Materials” now face as the business grows and the external customer base increases to internet scale. What steps can the management take to transform their customer identity landscape? This backstage tour will cover the live deployment and configuration of components within the ForgeRock Identity Platform.
The session includes interactive discussion and feature:
- Single View of the Customer
- Social media registration
- Multi-Factor Single Sign On
- Consent driven sharing
- IoT integration
You will leave the tour with a good understanding of how to deploy large scale digital identity projects and where you should start.
The fundamentals of Android and iOS app securityNowSecure
Looking for a high-intensity bootcamp covering the basics of secure mobile development? This slideshare was originally presented by mobile security expert and NowSecure CEO Andrew Hoog for a 60-minute workshop at Security by Design covering the following topics:
+ Introduction to identifying security flaws in mobile apps (and how to avoid them)
+ Examples of secure and insecure mobile apps and how to secure them
+ Overview of secure mobile development based on the NowSecure Secure Mobile Development Best Practices
Due to the fast-growing on mobile application trends along with business competition, the lack of security concern on mobile development become critical issues which may lead to reputation damage, financial loss and non-compliance (e.g. Privacy and Cybersecurity laws). It's time to focus on Mobile Defense-in-Dev(Depth) !!
The talk will provide the real-world case-studies on mobile application threats in conjunction with the cybersecurity risk mitigation using Secure development standard and guideline which should be integrated into the development process.
Identity Relationship Management - The Right Approach for a Complex Digital W...ForgeRock
In this webinar, ForgeRock experts show you how identity can be used for more than just allowing people to login into applications, and how it is the key to unlocking a personalized user experience using an Identity Relationship Management approach. Also, why the ForgeRock Platform is the right solution for your legacy, current day, and future identity challenges.
Learn about the OWASP Top 10 Mobile Risks and best practices to avoid mobile application security pitfalls such as insecure data storage, insecure communication, reverse engineering, and more.
These slides were originally presented on a webinar November 2016. Watch the presentation here: https://youtu.be/LuDe3u0cSVs
iOS and Android security: Differences you need to knowNowSecure
NowSecure Director of Research David Weistein recently spoke at the Security by Design Meetup in Washington, DC. This presentation offers information about risks impacting mobile and the differences between iOS and Android security.
Recap here: https://www.nowsecure.com/blog/2016/08/24/android-buckles-down-and-ios-opens-up-trends-in-platform-security-affecting-developers/
The OWASP Mobile Top 10 is a nice start for any developer or a security professional, but the road is still ahead and there is so much to do to destroy most of the possible doors that hackers can use to find out about app’s vulnerabilities. We look forward to the OWASP to continue their work, but let’s not stay on the sidelines!
The session will provide the risk of insecure mobile application development in various types with demonstration; Client-side, Communication channel and Server side. The presentation includes case study of insecure development practice which lead attacker to abuse the vulnerable application (e.g. Coin/Gem cheating on gaming app, Bypassing security control on client-side and server-side).
Lightning Talk: From Sinatra to Grape.pdfRenato675806
When AppTweak started we used Sinatra for our APIs but as time went by we were looking for a better solution to help us document our endpoints, both internal and external. Then we chose Grape.
This talk is going to give an overview of Android operating system and it´s apps ecosystem from the security point of view of a penetration tester.
So lets dive into topics like Pentest Environment Setup, Tools of the Trade, App Analysis and some security hints for Android developers.
Sydney Identity Summit: Addressing the New Threat Landscape with Continuous S...ForgeRock
Sydney Identity Summit presentation by Andrew Latham, Director, Customer Engineering, ForgeRock and Warren Strange, Director, Customer Engineering, ForgeRock
Experiences with serverless for high throughput low usage applications | ryan...AWSCOMSUM
A talk around Deep3’s experience producing applications that are wholly serverless. Our focus is the kind of task that runs infrequently but when invoked uses a lot of resources. For example periodic web scraping or similar.
See the talk here:
https://youtu.be/jDwDoWRroVY
Bengaluru Splunk User Group kick off.
Introduction to User Group Leaders,
Session 1 on Splunk Remote Work Insights
Session 2 on Splunk Dashboard Journey
Hybrid mobile development with Oracle JETRohit Dhamija
NetBeans Day Bangalore 2017 event. Covered following topics:
Overview: Native, Web and Hybrid Apps
Cordova based JET Hybrid Application
Code and Demo
Development of Oracle JET Hybrid mobile applications using NetBeans IDE
API Description Languages: Which is the Right One for Me?Akana
SOA Software Director of API Strategy, Laura Heritage, discusses new ways to describe and document APIs have emerged such as Swagger, RAML, API Blueprint and others, each taking a slightly different approach. Please join us in this webinar to hear how these description languages differ and how to choose right one for your API.
Delivering Mobile Apps to the Field with Oracle JETSimon Haslam
First delivered at the Oracle Code One conference in San Francisco on 22 October 2018, this presentation describes how you can use Oracle JET to build hybrid mobile apps for field use.
Tracking crime as it occurs with apache phoenix, apache hbase and apache nifiTimothy Spann
Tracking crime as it occurs with apache phoenix, apache hbase and apache nifi.
Ingesting JSON Crime Feeds, XML Feeds, Twitter feeds, Traffic Camera Images.
Secure Application Development InfoShare 2022Radu Vunvulea
This session aims to identify the tools that help us build secure applications and environments for Azure during the development journey. The focus is on the developers and the tools we can use to ensure that our code is secure and aligned with all the available best practices and recommendations.
Jeff's Journey: Best Practices for Securing Mobile App DevOpsNowSecure
Originally Presented December 6, 2018
As DevOps teams seek to accelerate the mobile app dev pipeline, they rely on tools and best practices to gain speed. Because our engineering leader Jeff Fairman previously ran software development for a top online brokerage, he understands the challenges of scaling security testing to meet current demands.
After discovering the NowSecure automated testing platform, Jeff Fairman was so impressed with the tech that he joined the company to help DevOps and security teams build and release safe mobile apps. Listen this webinar to learn:
+ Why you need dynamic application security (DAST) testing to flag vulnerabilities in the post-build phase
+ The unique requirements, toolchain options and best practices for secure mobile DevOps
+ How to combine continuous daily testing with outsourced pen testing.
Originally presented on June 12, 2018
Much of the improvements for iOS 12 focused on privacy and reliability. What prompted these changes and how will it affect the path forward? In this discussion, Tony Ramirez, Mobile Security Analyst, shares about the following:
+ Learnings & remediations from iOS 11
+ Predictions coming out of WWDC
+ How we see the newest software update, iOS 12, affecting mobile app security testing
What attackers know about your mobile apps that you don’t: Banking & FinTechNowSecure
Our threat research team spends every waking moment reverse-engineering and cracking mobile apps and devices to help organizations reduce mobile risk. Originally presented on October 24, 2017, mobile security expert and NowSecure founder Andrew Hoog explains the attacker’s point-of-view, what attackers are looking for in mobile banking or financial services apps, and what makes your mobile app an appetizing target. He then provides tips for deploying a mobile app security testing program to ensure you proactively plug security holes, squash privacy leaks, and fill compliance gaps in your mobile apps.
Solving for Compliance: Mobile app security for banking and financial servicesNowSecure
Mobile apps fall in scope for a number of regulatory requirements that govern the banking and financial services industries, such as: guidelines from the Federal Financial Institutions Examination Council (FFIEC), the Gramm–Leach–Bliley Act (GLBA), New York State cybersecurity requirements for financial services companies, the Payment Card Industry Data Security Standard (PCI DSS), the Sarbanes-Oxley Act, and more. Luckily, a repeatable mobile app security assessment program and standardized reporting go a long way in both achieving compliance objectives and securing mobile apps and data.
Originally presented on August 22, 2017, NowSecure Security Solutions Engineer Brian Lawrence explains:
-- How and where exactly mobile apps fall in scope for various compliance regimes
-- Mobile app security issues financial institutions must identify and fix for compliance purposes
-- How assessment reports can be used to demonstrate due diligence
The amount of data collected by mobile devices and apps is shocking, and vulnerable mobile apps expose that data to compromise. In our static and dynamic analysis of hundreds-of-thousands of mobile apps, we found that 25 percent of them harbor at least one high-risk vulnerability such as collecting/transmitting location data, credentials, and more in cleartext. Mobile data may only be as secure as the weakest app on someone’s device. Mobile app developers need to protect the users of their apps by building high quality, secure apps. This presentation covers the most common mobile app vulnerabilities (including a real-world demonstration), how to identify those vulnerabilities, and what to do to remediate them.
Slides from NowSecure Senior Solutions Engineer Jon Porter's talk at the OWASP Denver Chapter's July 2017 meeting.
Vetting Mobile Apps for Corporate Use: Security EssentialsNowSecure
What does a sensible approach to approving and denying Android and iOS apps for use by staff look like? It starts with accurate, up-to-date security assessment data. NowSecure VP of Customer Success and Services Katie Strzempka covers how to take a data-driven approach to evaluating mobile apps for use at your organization.
Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...NowSecure
A mobile app that’s vulnerable to man-in-the-middle (MITM) attacks can allow an attacker to capture, view, and modify sensitive traffic sent and received between the app and backend servers. At NowSecure, Michael Krueger and Tony Ramirez spend their days performing penetration tests on Android and iOS apps, which include exploiting MITM vulnerabilities and helping developers fix them. These slides are from a 30-minute webinar with Michael & Tony about MITM attacks on mobile apps and how to prevent them that will cover:
-- Identifying man-in-the-middle vulnerabilities in mobile apps
-- How to execute a mobile man-in-the-middle attack
-- Right and wrong ways to implement certificate validation and certificate pinning
Delivering secure mobile financial services (MFS) - "Frictionless" vs diligenceNowSecure
How do you balance UX and security for mobile banking apps? Check out the slides originally presented on May 2 sharing FFIEC guidance and a study of vulnerabilities 30 mobile banking apps (15 iOS and 15 Android) from 15 financial institutions.
Next-level mobile app security: A programmatic approachNowSecure
Katie Stzempka, VP of Customer Success & Services, shares some helpful guidance on how to launch and improve an internal mobile app security program. You'll learn:
-- How to unite a disarray of tasks into a mobile app security testing process
-- How to choose the right mobile app security testing tools for your maturity
-- How to establish buy-in and collaborate with developers and your DevOps team
Mobile App Crashworthiness - Securing Vehicle-to-Device (V2D) Interfaces and ...NowSecure
+ How do vulnerable mobile apps and insecure V2D communications put drivers and manufacturers at risk?
+ Applying crashworthiness and safety ratings concepts to mobile app and connected car cybersecurity
+ How to manage mobile app security defects and vulnerabilities in the connected car and mobile app development process
Mobile Penetration Testing: Episode II - Attack of the CodeNowSecure
In this, the second, episode of our mobile penetration testing trilogy, NowSecure Solutions Engineer Michael Krueger takes you beyond the device. Michael will explain how to perform network and web services/API testing to capture data exposed in transit between apps and backend services -- some of the highest risk security flaws around.
This high intensity 30-minute crash course covers:
+ Man-in-the-middle (MITM) attacks
+ Taking advantage of improper certificate validation
+ Demonstration of a privilege escalation exploit of a web back-end vulnerability
Watch it here: https://youtu.be/bT1-7ZkSdNY