Mobile developers are tasked with writing code and publishing builds faster than ever before. You don’t need to go far to find stats that show developers are pushing code with increased frequency – measured in minutes, hours, and days rather than weeks and months. As a result, security can become an afterthought – or something handled by someone else on the other side of the office, on another floor, or elsewhere in the organization.

But a recent Ponemon study on IoT and mobile apps shows that mobile app security is top-of-mind for many organizations. Sixty percent of respondents reported a data breach resulting from an insecure mobile app, and 39 percent of organizations wait until production to test, which drives up the cost of fixing flaws considerably.

Mobile app security should be a feature

A great user experience is a secure user experience. NowSecure keeps an up-to-date, free guide of secure mobile development best practices online so developers can avoid common mobile security mistakes. By avoiding those mistakes, developers can ensure that their apps are securing data in transit, securely connecting to APIs and third-party services, properly using tokens and cryptography, and more.

Running a security assessment with a simple post-build step

Connecting to Lab Automated via the NowSecure API involves configuring build settings within CircleCI and adding a step to the end of your build. We’ve written a step-by-step guide with instructions for integrating Lab Automated with CircleCI that you will find in our documentation portal. Below, we’ve included the exact code needed to implement the post-build step:

#Replace
test:
  override:
    - (./gradlew assemble -PdisablePreDex):
        timeout: 360
    - cp -r ${HOME}/${CIRCLE_PROJECT_REPONAME}/app/build/outputs/apk/ $CIRCLE_ARTIFACTS

#Deploy when tests pass
deployment:
  master:
    branch: master
    commands:
      #Send to Lab Automated and run an assessment
      - curl -X POST --data-binary @$CIRCLE_ARTIFACTS/apk/app-debug.apk -H "Authorization:Bearer $LAB_TOKEN" https://lab-api.nowsecure.com/build/
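
As written, the curl command in the deployment step exits 0 even when the API answers with an HTTP error (for example, an expired token), and it places the token on the command line. The wrapper below is an added example, not NowSecure's code, that fails the step on any non-2xx response and passes the header via stdin. The function name `upload_build`, the `LAB_URL` override, and treating any 2xx status as success are assumptions; the endpoint and `$LAB_TOKEN` come from the snippet above.

```shell
#!/bin/sh
# Added example: fail-closed upload of a build to the Lab Automated endpoint.
# LAB_URL override and upload_build are hypothetical names for illustration.
LAB_URL="${LAB_URL:-https://lab-api.nowsecure.com/build/}"

# upload_build <path-to-binary>
# Prints the HTTP status code; returns 0 only for a 2xx response.
upload_build() {
  local apk status
  apk="$1"
  if [ -z "${LAB_TOKEN:-}" ]; then
    echo "LAB_TOKEN is not set; refusing to upload" >&2
    return 2
  fi
  if [ ! -s "$apk" ]; then
    echo "binary missing or empty: $apk" >&2
    return 3
  fi
  # The Authorization header goes through --config on stdin so the token
  # never appears in curl's argument list (visible to other processes).
  # Assumes the token contains no double quotes or backslashes.
  status=$(printf 'header = "Authorization: Bearer %s"\n' "$LAB_TOKEN" |
    curl --config - --silent --show-error \
         --proto '=https' --max-time 300 \
         --request POST --data-binary "@${apk}" \
         --output /dev/null --write-out '%{http_code}' \
         "$LAB_URL") || { echo "upload failed before a response arrived" >&2; return 4; }
  echo "$status"
  case "$status" in
    2??) return 0 ;;
    *)   echo "Lab API returned HTTP $status" >&2; return 5 ;;
  esac
}

# Run only when a path is given, e.g.:
#   sh upload.sh "$CIRCLE_ARTIFACTS/apk/app-debug.apk"
if [ "$#" -gt 0 ]; then
  upload_build "$1"
fi
```

Calling this script from the `commands:` list in place of the raw curl line makes a rejected upload show up as a failed deployment step.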

A few lines of code integrate automated security testing with your current toolkit

At NowSecure, we built a device farm of iOS and Android devices, hosted in the cloud, where we perform static and dynamic mobile app security analysis of mobile binaries in roughly 15 minutes. Each security assessment takes place within a live network environment to evaluate your mobile app just like an attacker would in an attempt to gain access or intercept information. By performing analysis on physical iOS and Android devices, we nearly eliminate false positives and negatives.

Even better, our tool takes advantage of an API, so you can plug mobile app security testing into your current toolkit. For example, you can save new code in a GitHub repository, build your iOS or Android app in CircleCI, immediately run a mobile app security assessment in Lab Automated, and populate Jira with findings prioritized by risk with remediation information included. After your build is complete in CircleCI, a security assessment of the binary completes in less than 15 minutes.

See it in action:

[Video: mobile app security testing]

In the above video, we show just how easy it is to test your mobile app after code is pushed and CircleCI builds the binary. In less than fifteen minutes, the security assessment is completed with prioritized findings that can be viewed within our cloud dashboard or bug-tracking tools like GitHub.

Try out NowSecure with a two-week free trial. The NowSecure team of support engineers is glad to assist with configuring any integrations you need as part of your trial: https://info.nowsecure.com/lab-automated-trial.html

Keith Mokris, Product Marketing Manager:

Keith Mokris is the product marketing leader at NowSecure. He is a content creator with skills ranging from video production to graphic design to photography. He enjoys translating technical information and building a voice behind solutions at NowSecure.