NowSecure Unveils First Automated OWASP MASVS v2.1 Mobile App Security and New Privacy Testing
NowSecure
NowSecure, the leader in mobile security and privacy testing, today raised the level of protection available to safeguard enterprise mobile app portfolios with the industry’s first automated solution for the OWASP Mobile Application Security Verification Standard (MASVS) version 2.1. Available from within NowSecure Platform, customers can comprehensively test to the MASVS v2.1 industry standard easily demonstrating to stakeholders that their mobile apps uphold the highest levels of security and user privacy. The OWASP MASVS v2.1 serves as the global standard for mobile application security and defines a set of requirements and best practices for secure mobile app development. It includes a new category supported by the NowSecure Platform, MASVS-PRIVACY. These controls provide mobile app development and security teams with much-needed visibility into the privacy implications of their mobile apps to meet app store requirements and meet the challenge of the intensifying scrutiny of the U.S. Federal Trade Commission (FTC). "With the new privacy category, we're now able to address cases not covered by traditional security testing,” said Carlos Holguera, OWASP MAS project lead and senior mobile security research engineer for NowSecure. “The support inside NowSecure Platform is critical for our customers." While data security focuses on protecting data from unauthorized access, privacy focuses on the rights of users regarding data collection, processing, storage and sharing. For example, imagine that an app transmits encrypted data securely, but that data contains highly sensitive personal information that’s sent to outside parties without user consent. The new privacy controls ensure this and other privacy failures are prevented, Holguera explained. The new OWASP-MASVS v2.1 controls featured in NowSecure Platform include: MASVS-PRIVACY-1: Minimizes access to sensitive data and resources MASVS-PRIVACY-2: Prevents user identification MASVS-PRIVACY-3: Ensures/promotes transparency in data collection and usage MASVS-PRIVACY-4: Provides user control over personal data As an OWASP MAS Advocate and industry leader, NowSecure has extensively contributed to the OWASP Mobile Application Security Project (MAS) and championed creation of OWASP MASVS-PRIVACY. "This new category is the result of extensive expert-driven research across the industry. It aligns with, and goes beyond the shift toward protecting user privacy started by Apple and Google,” said Holguera. Security and privacy go hand in hand in new OWASP MASVS findings and report in NowSecure Platform and the NowSecure OWASP MASVS Pen Testing Service leverage best-in-class test automation and expertise to ensure that your app remains fully compliant across all eight MASVS domains: MASVS-STORAGE MASVS-CRYPTO MASVS-AUTH MASVS-NETWORK MASVS-PLATFORM MASVS-CODE MASVS-RESILIENCE MASVS-PRIVACY NowSecure recently published a benchmark report revealing 95% of mobile apps fail to meet the OWASP MASVS v1.0 standard and released a guide on common secure coding mistakes, helping developers bridge the gap and enhance their security practices. The NowSecure Platform OWASP MASVS report delivers a concise view of passed and unmet requirements and indicates if a requirement needs manual review. Mobile app security, development and GRC teams can consult the report to quickly identify areas of improvement for their mobile app testing programs. Once the app meets the MASVS v2.1 requirements, NowSecure Platform can also generate a letter of attestation to demonstrate that the app is secure and respects user privacy. The new OWASP MASVS report will be available to NowSecure Platform customers, allowing them to incorporate the latest advancements in mobile app security and privacy testing within their development workflows. To experience NowSecure Platform and benchmark your mobile apps against the OWASP MASVS, request a demo today. About NowSecure As recognized experts in mobile security and privacy, NowSecure protects the global mobile app economy and safeguards the data of millions of mobile app users. Built on a foundation of standards, NowSecure empowers the world’s most demanding organizations with security automation to release and monetize 30% faster, reduce testing and delivery costs by 30% and reduce appsec risk by 40%. Only NowSecure offers a full solution suite of continuous security testing for DevSecOps, mobile app supply-chain monitoring, expert mobile pen testing as a Service (PTaaS), and training courseware. NowSecure actively contributes and supports the mobile security open-source community, standards and certification including OWASP MASVS, ADA MASA, and NIAP, and is recognized by IDC, Gartner, Deloitte Fast 500, and TAG Cyber. Contact Details Jon Brody press@nowsecure.com Company Website https://www.nowsecure.com/
April 30, 2024 01:30 PM Eastern Daylight Time