how to scale mobile application security testing
TRANSCRIPT
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information.
How to Scale Mobile Application Security Testing
Connect with NowSecure
Connect with us on Twitter @NowSecureMobile / #SecureTalks
—
Learn more at https://nowsecure.com
Katie Strzempka
Services
● Author of iPhone and iOS Forensics
● Master's in Cyber Forensics and Bachelor of Science in Computer Technology from Purdue University
● @kstrzemp
Contents
● 2016 NowSecure Mobile Security Report
● The Challenges Teams Face
● How You Can Scale
2016 NowSecure Mobile Security Report
Released last week
We tested 400K apps
25% of Android apps have at least one high risk security or privacy flaw
Percentage of Android Apps with Security Issues
Sensitive Data Leak Issues
Network Issues
File System Issues
High risk issues exist within each app category
Business apps: 3x more likely to leak login credentials
more likely to leak login credentials or email address
4x 1.5x more likely to include a high risk vulnerability
Gaming apps: Social apps:
82% of devices tested by the Vulnerability Test Suite for Android had at least one of 25 vulnerabilities
The Challenges
Teams face a variety of challenges with security in the SDLC
Teams are overwhelmed with security testing
100+
Many enterprises have more than 100 unique, internal apps
Source code analysis has too many false positives
● Testing reports more false positives instead of identifying actual issues
● Static only
● Misses key tests such as insecure data storage or authentication issues
Teams lack a process for mobile
● App testing is repetitive and takes time to manually set up testing environments
● Inconsistent methods and results across team members
Teams are finding vulnerabilities too late in the SDLC
The back-and-forth between developers and analysts wastes time and money
The longer you wait, the more it costs
SDLC stages shown on the chart:
● Requirements / Architecture
● Coding
● Integration / Component Testing
● System / Acceptance Testing
● Production / Post-Release
Source: National Institute of Standards and Technology
The cost for fixing vulnerabilities is 30x higher after an application has been deployed
How to Scale
You can save time, money, and effort
What needs to be a part of the process for mobile?
● Structure a team that can integrate testing to be efficient
● Emphasize process and similar tools across teams
● Automation (both static and dynamic)
● Test early in the SDLC, with remediation recommendations built in
Lab Workstation
Analyst-driven mobile app security testing kit
Lab Automated
Automated app analysis with continuous integration
● Heading to RSA Conference? Stop by our booth # 3235 for a live demo.
● Set up a demo. Contact us at www.nowsecure.com/contact.
Questions?
[email protected]
+1 312.878.1100
@kstrzemp