As mobile apps become even more critical to businesses, organizations must build a Mobile App Risk Management program to identify risks to protect their businesses. Progressive Testing through Pen Testing as a Service (PTaaS) is a critical component of a scalable and comprehensive approach to protecting the mobile landscape.

iOS has often been seen as more secure than Android, mainly because it maintains such a tight grip on its ecosystem. But now, a wave of regulation from the EU to the US to Japan is forcing Apple to allow “sideloading”, which opens up a new front in the security fight.

In this talk, Benjamin Adolphi, the head of security research at Promon, will discuss the potential impact of the sideloading changes on iOS security and how the platform's security landscape compares to that of the Android platform. These changes may enable "repackaging attacks," which have been common on the Android platform for quite some time. To address this, Promon has conducted a research project to assess the current level of protection against these attacks for popular global applications on both Android and iOS.

In this TechTalk, Andrew Hoog, developer, cybersecurity expert and co-founder of NowSecure with over a decade of experience in mobile security and forensics, will jump into the most common risks NowSecure identifies in assessments of publicly available app store apps. You’ll learn:

• What risks are most pervasive in mobile apps
• What business impact organizations can expect
• How security teams can test for these issues
• Best practices to secure the Software Supply Chain
• How to run a Third-Party Risk Management program at scale for mobile apps
• How NowSecure Mobile App Risk Intelligence can help orchestrate risk reduction
  

In this Tech Talk, Sergi Àlvarez, Senior Mobile Security Research Engineer at NowSecure and the creator of Radare will dive into the tool . This session will cover:

• What Radare is and what can it do for you
• Basic introduction and the essential commands
• Benefits of extending the tool with plugins and scripts
• Practical use case extracting passwords from a Swift app in static
• And more to come!

The Internet of Things (IoT) has revolutionized the way we interact with our environments, connecting billions of devices to enhance efficiency, convenience, and automation in various sectors such as healthcare, transportation, and smart homes. However, the proliferation of interconnected devices also introduces significant security challenges. IoT devices, often designed with limited computing resources, may lack robust security features, making them vulnerable to cyber-attacks. As IoT continues to expand, discovering and addressing its security vulnerabilities becomes paramount to safeguarding personal privacy and ensuring the resilience of interconnected infrastructures.

In this Tech Talk, Aaron Guzman and Luca Pascal Rotsch will present their OWASP IoT Security Testing Guide (ISTG) project. Version 1.0.0 of this guide was published on March 1, providing a comprehensive methodology for penetration testing in the IoT field. While the guide is mainly intended to be used by penetration testers, the resources it provides may also help manufacturers and operators of IoT devices to proactively improve the security of their devices. The project leaders will introduce and demonstrate current capabilities of the guide as well as share insights into what is planned.

AI-powered code generation tools like ChatGPT and GitHub Copilot have taken the development world by storm, promising increased efficiency and productivity. However, the security implications of AI-generated code cannot be overlooked. In this session, Jason Michael Perry, CTO of Mindgrub, will guide you through best practices and precautions when utilizing these powerful tools to ensure the security and reliability of your codebase.

Join Michael Krueger, Senior Director Application Security Services at NowSecure, as we delve into the most pressing challenges faced by customers in their Mobile AppSec programs. From balancing coverage and speed to validating findings from automated tools, our experts will provide practical solutions to help you navigate through the complexities of mobile application security such as:

• How to achieve comprehensive coverage while leveraging automation
• Tailoring manual and automated testing to business risks
• Ensure coverage for complex workflows with Guided Testing
• Upskilling web-centric teams into proficient mobile app pen testers

The OWASP MASVS and OWASP MASTG are industry leading standards that top mobile app security and development professionals rely on to ensure their apps are secured. How is the MAS Project continuing to evolve, and what does that mean for your mobile appsec programs?

Join February’s TechTalk, where Carlos Holguera, OWASP Mobile Application Security (MAS) Project Lead, will give insights on updates and changes to the OWASP Mobile Application Verification Standard (MASVS) in Version 2.1.0. Learn about the new risk scoring proposal, the new MASVS-PRIVACY category and controls, upcoming MASTG risks and atomic tests, Mobile Application Security Testing Guide (MASTG) new refactoring and mobile app security best practices as a whole.