© Copyright 2018 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.
MOBILE APP SECURITY PREDICTIONS 2019
#MOBSEC5 - A WEEKLY MOBILE SECURITY NEWS UPDATE
www.nowsecure.com/go/subscribe
AGENDA
INTRODUCTIONS
10 LEADING QUESTIONS
MANY PREDICTIONS
OPEN Q&A
SPEAKERS
ALAN SNYDER, CEO
BRIAN REED, CMO
DAVID WEINSTEIN, CTO
WHAT IS THE INTERPLAY OF DIGITAL TRANSFORMATION & MOBILE APPS?
MCDONALDS SPENDING $6BN ON TRANSFORMATION
WHERE WILL THE BIG MOBILE BREACHES HAPPEN?
MOBILE APPS DOMINATE USAGE, BRINGS THE ATTACKERS
KEY SEGMENTS ARE NOW MOBILE APP DOMINANT
WHAT ABOUT THE STATE OF MOBILE SECURITY IN 2019?
GROWING REALIZATION CURRENT TESTING FAILS
85% Third-party app store apps violate OWASP MOBILE TOP 10
35% Have un-encrypted data transmission
50% Android apps dynamically load code missed by static analysis
3X Biz Apps more likely to leak account credentials
Source: NowSecure Software and Research Data 2017-2018
SAST? DAST? PEN TESTING?
MOBILE APP BENCHMARKS
[Figure: benchmark score bands 0-59, 60-69, 70-79, 80-89, 90-100, on a scale from High Risk through Caution to Low Risk]
WHAT ABOUT MOBILE RISK VECTORS IN 2019 & BEYOND?
OSS & 3RD-PARTY RISKS CONTINUE TO GROW
RICH COMMUNICATIONS SERVICES PRESENT NEW RISKS
FRESH CODE!
FRESH VULNS!
PHONE NUMBER FOR AUTH INCREASINGLY RISKY
WHAT ABOUT THE TRENDS IN MOBILE APPSEC TESTING IN 2019?
FRUSTRATIONS WITH MOBILE PEN TESTING WILL GROW
APPSEC TESTING COST & RISK CATCH 22
[Figure: two panels, COST and RISK, each labelled FREQUENCY OF RELEASE and FREQUENCY OF TESTING, with a GOAL marker]
MOBILE IS THE LEAD DOG ON DEVOPS & SHIFT LEFT
[Diagram: dev cycle with stages Code, Commit, Build Binary, Test Binary, Stage, Deploy]
SECURITY & TESTING TOOLS: SAST Scan (Pre-build); DAST Scan (Post-build); Pre-release Manual Test; Outsourced PEN Testing; Vulnerability Management; Management Reporting; Compliance Reporting; App Store Monitoring
DEV & CI/CD TOOLS: IDEs & Languages; Build Tools & CI/CD Platforms; Ticket Systems; App Management; Release Management; Management Dashboards; Compliance Management; App Stores (in/external)
WHAT ABOUT SECURITY STAFFING IN 2019?
SHORTAGES IN SECURITY EXPERTS WILL GROW
STAFFING SHORTAGES WILL DRIVE AUTOMATION
WHAT ABOUT FUNDAMENTALS OF MOBILE OS 2019 & BEYOND?
THE FREQUENCY OF JAILBREAKS DECLINES
GOOGLE EXPLORING NEW FRONTIERS
New Mobile Language
New Mobile OS
New Mobile SDKs
WHAT ABOUT MOBILE PRIVACY & LEGISLATION IN 2019?
FURTHER PRIVACY LEGISLATION WILL TAKE HOLD
AND ONE MORE THING….
AND MAYBE SOMEONE WILL HACK A TESLA
OPEN Q&A
Use the “Ask a Question” tab below the slides
DAVID WEINSTEIN, CTO
BRIAN REED, CMO
ALAN SNYDER, CEO
