© Copyright 2018 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.
MOBILE APP SECURITY
PREDICTIONS 2019
#MOBSEC5 - A WEEKLY MOBILE SECURITY NEWS UPDATE
www.nowsecure.com/go/subscribe
AGENDA
INTRODUCTIONS
10 LEADING QUESTIONS
MANY PREDICTIONS
OPEN Q&A
SPEAKERS
ALAN SNYDER, CEO
BRIAN REED, CMO
DAVID WEINSTEIN, CTO
WHAT IS THE INTERPLAY OF
DIGITAL TRANSFORMATION &
MOBILE APPS?
MCDONALDS SPENDING $6BN ON TRANSFORMATION
WHERE WILL THE BIG MOBILE
BREACHES HAPPEN?
MOBILE APPS DOMINATE USAGE, BRINGS THE ATTACKERS
KEY SEGMENTS ARE NOW MOBILE APP DOMINANT
WHAT ABOUT THE STATE OF
MOBILE SECURITY IN 2019?
GROWING REALIZATION CURRENT TESTING FAILS
85% Third-party app store apps violate OWASP MOBILE TOP 10
35% Have un-encrypted data transmission
50% Android apps dynamically load code missed by static analysis
3X More likely to leak account credentials (Biz Apps)
Source: NowSecure Software and Research Data 2017-2018
SAST? DAST? PEN TESTING?
MOBILE APP BENCHMARKS
[Chart: score bands 0-59, 60-69, 70-79, 80-89, 90-100; scale labels High Risk, Caution, Low Risk]
WHAT ABOUT MOBILE RISK
VECTORS IN 2019 & BEYOND?
OSS & 3RD-PARTY RISKS CONTINUE TO GROW
RICH COMMUNICATIONS SERVICES PRESENT NEW RISKS
FRESH CODE!
FRESH VULNS!
PHONE NUMBER FOR AUTH INCREASINGLY RISKY
WHAT ABOUT THE TRENDS IN
MOBILE APPSEC TESTING IN 2019?
FRUSTRATIONS WITH MOBILE PEN TESTING WILL GROW
APPSEC TESTING COST & RISK CATCH 22
[Figure: two panels, COST and RISK, each labeled FREQUENCY OF RELEASE and FREQUENCY OF TESTING; GOAL]
MOBILE IS THE LEAD DOG ON DEVOPS & SHIFT LEFT
DEV CYCLE: Code, Commit, Build Binary, Test Binary, Stage, Deploy
SECURITY & TESTING TOOLS: SAST Scan Pre-build; DAST Scan Post-build; Pre-release Manual Test; Outsourced PEN Testing; Vulnerability Management; Management Reporting; Compliance Reporting; App Store Monitoring
DEV & CI/CD TOOLS: IDEs & Languages; Build Tools & CI/CD Platforms; Ticket Systems; App Management; Release Management; Management Dashboards; Compliance Management; App Stores (in/external)
WHAT ABOUT SECURITY
STAFFING IN 2019?
SHORTAGES IN SECURITY EXPERTS WILL GROW
STAFFING SHORTAGES WILL DRIVE AUTOMATION
WHAT ABOUT FUNDAMENTALS OF
MOBILE OS 2019 & BEYOND?
THE FREQUENCY OF JAILBREAKS DECLINES
GOOGLE EXPLORING NEW FRONTIERS
New Mobile Language, New Mobile OS, New Mobile SDKs
WHAT ABOUT MOBILE PRIVACY &
LEGISLATION IN 2019?
FURTHER PRIVACY LEGISLATION WILL TAKE HOLD
AND ONE MORE THING….
AND MAYBE SOMEONE WILL HACK A TESLA
OPEN Q&A
Use the “Ask a Question” tab below the slides
DAVID WEINSTEIN, CTO
BRIAN REED, CMO
ALAN SNYDER, CEO