How to scale mobile application security testing

How to ScaleMobile Application Security Testing

Connect with NowSecure

Connect with us on Twitter @NowSecureMobile / #SecureTalks

Learn more at https://nowsecure.com

Katie StrzempkaServices

● Author of IPhone and iOS Forensics

● Masters in Cyber Forensics and Bachelors of Science in Computer Technology from Purdue University

● @kstrzemp

Contents

● 2016 NowSecure Mobile Security Report

● The Challenges Teams Face

● How You Can Scale

2016 NowSecure Mobile Security Report

Released last week

400K APPSWe tested

25% of Android apps have at least one high risk security or privacy flaw

Percentage of Android Apps with Security Issues

Sensitive Data Leak Issues

Network Issues

File System Issues

Business apps:

High risk issues exist within each app category

3xmore likely to leak login credentials

more likely to leak login credentials or email address

4x1.5xmore likely to include a high risk vulnerability

Gaming apps: Social apps:

82% of devices tested by the Vulnerability Test Suite for Android had at least one of 25 vulnerabilities

The ChallengesTeams face a variety of challenges with security in the SDLC

Teams are overwhelmed with security testing

100+Many enterprises have more than 100

unique, internal apps

Source code analysis has too many false positives

● Testing reports more false positives instead of identifying actual issues

● Static only

● Misses key tests such as insecure data storage or authentication issues

Teams lack a process for mobile

● App testing is repetitive and takes time to manually set up testing environments

● Inconsistent methods and results across team members

Teams are finding vulnerabilities too late in the SDLC

The back-and-forth between developers and analysts wastes time and money

The longer you wait, the more it costs

Requirements / Architecture

Coding Integration /Component

Testing

System /Acceptance

Testing

Production / Post-Release

Source: National Institute of Standards and Technology

The cost for fixing vulnerabilities is

30x higher after an application has been deployed

How to ScaleYou can save time, money, and effort

What needs to be a part of the process for mobile?

● Structure a team that can integrate testing to be efficient

● Emphasize process and similar tools across teams

● Automation (both static and dynamic)

● Test early in the SDLC, with remediation recommendations built in

Lab WorkstationAnalyst-driven mobile app security testing kit

Lab AutomatedAutomated app analysis with continuous integration

● Heading to RSA Conference? Stop by our booth # 3235 for a live demo.

● Set up a demo. Contact us at www.nowsecure.com/contact.

Questions?

kstrzempka@nowsecure.com+1 312.878.1100

@kstrzemp

How to scale mobile application security testing

Mobile

Mobile application-testing

Mobile Usability Testing

Mobile testing introduction

Crowd Testing Framework : Mobile Application Testing

Mobile application testing

Mobile Testing - cdn.ymaws.com · HP Mobile Testing Solution HP Service Features •Real Device Testing •Device Compatibility Testing •Mobile Application Test Automation •Mobile

Continuous Mobile Application Testing · 2015. 9. 21. · Mobile Performance Testing White Paper Continuous Mobile Application Testing With SOASTA TouchTest TM White Paper Mobile

The Power of the Crowd: Mobile Testing for Scale and Global Coverage

Mobile meetup : Enterprise Mobile Testing Strategy

HP Mobile Testing

Caiipa: Automated Large-scale Mobile App Testing through

SMP Enterprise Scale Mobility Webinar Series · SAP Mobile Platform Testing Mostly Online Applications This presentation ‘Testing Mostly Online Applications’ provides you with

Mobile UX testing

Mobile Application Performance Testing (Opera Mobile

Mobile Testing Checklist

How to Scale Mobile Testing across several Teams...34 @dnlkntt | How to Scale Mobile Testing across several Teams Android Release Train Code Freeze/ Upload to Google 100 Users Coding

Testing Mobile JavaScript

Free Scale Testing

Mobile Testing Trends

Mobile testing