Biz Builder Mike

automation

Dec 23 2020

Automate Mobile Application Security Testing from Jenkins


Mobile apps require continuous testing throughout the development process to ensure proper compliance and security measures are in place. If you are using the Jenkins continuous integration server in your pipeline, continually testing your mobile app builds is simple with Zimperium’s mobile application security testing platform, zScan.

Here we will describe how you can automate mobile application security testing from your Jenkins implementation and increase your testing cadence to produce better apps while reducing your time to market and the associated manual effort. Every time new code is submitted to Jenkins, zScan tests the compiled app and provides specific details on closing any security gaps in your mobile apps.

In this blog, we provide details on:

  1. Why mobile application security testing remains difficult;
  2. How to automate and configure testing from Jenkins;
  3. Available outputs and optional Jira integrations;
  4. Test Data categorizations; and
  5. How to install in your existing processes

Successful Continuous Mobile App Testing

Today, successful mobile application development organizations utilize a combination of native and cross-platform frameworks. Cross-platform frameworks allow for a single code base without compromising a great user experience. This means features and fixes are rolled out much more frequently than ever before. 

Keeping pace requires testing solutions to not only assess these frameworks accurately, but also allow for complete automation. You need mobile specific tools since it’s not just Android and iOS operating systems that are changing; the hybrid frameworks are evolving as well. 

“With zScan, we are detecting security vulnerabilities before release – in hours rather than weeks – and then automatically provide our third party developer with a list of fixes.” – Application Security Manager, Global Banking Company

Failing to identify errors in mobile apps correctly can lead to disastrous results. Governing bodies can fine your company for failing to comply with a compliance mandate or, worse, your company could suffer severe brand damage if a mobile app breach became public. 

There were several public mobile app breaches this year. Some of the more notable ones include the Walgreens mobile app, the BHIM data leak, and several coronavirus contact tracing apps that leaked private user data.

Automated App Testing Using CI/CD Platforms

Automating mobile application security testing in your DevOps toolchain gives your teams the opportunity to test early and test often. Developers continue to commit code in the same fashion when developing new features, bug fixes, and modifications. However, by integrating continuous testing into Jenkins during the development cycle, you identify compliance, security, and privacy risks early, when they are less expensive to fix.

If you reduce the number of bugs by testing more often, your overall delivery costs decrease, and throughput increases. Integrating security tools into existing DevOps frameworks allows for more productivity and better quality without forcing developers to unlearn and relearn new processes. Sounds good, right?

zScan Automates Mobile Application Security Testing

Zimperium’s zScan mobile application security testing platform provides security and development teams with privacy, data leakage, compliance violations, and security findings on any iOS or Android application. Zimperium’s proprietary processing engine dissects each mobile application binary directly from Jenkins and provides data on your apps’ resident risks. 

Each finding provides developers specific descriptions and remediation instructions. The detailed instructions can integrate into existing ticketing systems like Jira. The platform can be further customized to focus on categories that align with your enterprise or industry. 

Incorporating the scan results into your ticketing system allows for further downstream efficiencies. These integrations mean developers can work faster and reduce cycle times for bug fixes and enhancements. Teams can customize and filter findings as tracked, mitigated, confirmed, or fixed to prioritize workflows and deadlines.

How to Configure Your Jenkins Server and zScan

Integrating Zimperium’s mobile application security testing with Jenkins is simple:

  1. Download the Jenkins plugin from the zScan administration console;
  2. Open Jenkins and navigate to “Manage Plugins”;
  3. Upload the zScan plugin to Jenkins; and
  4. Configure Jenkins.

Download the Jenkins plugin provided in your zConsole administration panel.

Navigate to Manage Jenkins and select Manage Plugins.

Click the Advanced tab and, in the Upload Plugin section, choose and upload the file zScan-jenkins-plugin.hpi.

Then restart Jenkins.

Jenkins Configuration

In the Configure section of your project, select Add Post-Build Action, and click “Upload Build Artifacts to zScan.”

Available fields in your configuration include:

  • Zimperium Server URL Endpoint
    • The root URL of your Zimperium console.
  • Client ID
    • This value comes from your Zimperium Console Authorizations. Your Client ID is created after you generate your API Key.
  • Client Secret
    • The client secret is only displayed once, when you initially generate your API key along with the client identifier value.
  • Source Files
    • Lets you specify which build artifacts to upload using ANT-style path patterns. Zimperium provides several example ANT patterns to help you get started.
  • Excluded Files
    • Lets you specify patterns for files to exclude; it is the opposite of the Source Files field. As with Source Files, multiple patterns are comma-separated.
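As an added example (not part of the original post or the zScan plugin itself), the following Python model shows how the Source Files and Excluded Files fields decide which workspace files are uploaded, assuming the usual ANT-style glob semantics (`**`, `*`, `?`) and comma-separated patterns as described above; the workspace listing and the two field values are constructed, and the `overbroad_uploads` check is a hypothetical helper that flags non-binary files an over-wide pattern would also send to the scanning service.

```python
import re
from typing import Iterable, List

# Constructed workspace listing standing in for a Jenkins build (not real project data).
SAMPLE_WORKSPACE = [
    "app/build/outputs/apk/release/app-release.apk",
    "app/build/outputs/apk/debug/app-debug.apk",
    "app/build/outputs/bundle/release/app-release.aab",
    "ios/build/Release-iphoneos/MyApp.ipa",
    "ios/build/Debug-iphoneos/MyApp.ipa",
    "app/build/outputs/mapping/release/mapping.txt",
    "app/keystore/release.jks",
]

# Hypothetical values for the two plugin fields (comma-separated, as the post describes).
SOURCE_FILES = "**/*.apk, **/*.ipa, **/*.aab"
EXCLUDED_FILES = "**/debug/**, **/Debug-*/**"


def ant_to_regex(pattern: str) -> "re.Pattern":
    """Translate one ANT-style path pattern into an anchored regular expression.

    ** matches any number of directory segments, * matches within one segment,
    ? matches a single character; a trailing "/" means "everything beneath".
    """
    pattern = pattern.strip().replace("\\", "/")
    if pattern.endswith("/"):
        pattern += "**"
    parts = []
    i = 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            parts.append("(?:.*/)?")   # zero or more whole directory segments
            i += 3
        elif pattern.startswith("**", i):
            parts.append(".*")          # rest of the path, across segments
            i += 2
        elif pattern[i] == "*":
            parts.append("[^/]*")
            i += 1
        elif pattern[i] == "?":
            parts.append("[^/]")
            i += 1
        else:
            parts.append(re.escape(pattern[i]))
            i += 1
    return re.compile("^" + "".join(parts) + "$")


def parse_patterns(field: str) -> List[str]:
    """Split a comma-separated plugin field into individual, non-empty patterns."""
    return [p.strip() for p in field.split(",") if p.strip()]


def select_artifacts(paths: Iterable[str], source_files: str, excluded_files: str = "") -> List[str]:
    """Return the workspace paths that would be uploaded to zScan.

    A path is uploaded only if it matches at least one Source Files pattern and
    no Excluded Files pattern; an empty Source Files field selects nothing.
    """
    includes = [ant_to_regex(p) for p in parse_patterns(source_files)]
    excludes = [ant_to_regex(p) for p in parse_patterns(excluded_files)]
    chosen = []
    for path in paths:
        norm = path.replace("\\", "/")
        if norm.startswith("./"):
            norm = norm[2:]
        if any(r.match(norm) for r in includes) and not any(r.match(norm) for r in excludes):
            chosen.append(path)
    return chosen


def overbroad_uploads(paths: Iterable[str], source_files: str, excluded_files: str = "") -> List[str]:
    """Hypothetical sanity check: list selected files that are not app binaries.

    A pattern such as "**" would also ship signing keystores or ProGuard
    mapping files to the scanning service, which is rarely intended.
    """
    binaries = (".apk", ".aab", ".ipa")
    return [p for p in select_artifacts(paths, source_files, excluded_files)
            if not p.lower().endswith(binaries)]


if __name__ == "__main__":
    for p in select_artifacts(SAMPLE_WORKSPACE, SOURCE_FILES, EXCLUDED_FILES):
        print("upload:", p)
    for p in overbroad_uploads(SAMPLE_WORKSPACE, "**"):
        print("would also be uploaded by '**':", p)
```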

Findings, Instances, and Compliance Categories

After you configure Zimperium’s mobile application security testing platform with Jenkins and begin testing, zScan provides you with security findings and instances. Findings are potential issues discovered in the app analysis. Each finding is categorized by whether it affects security, data leakage, or compliance (OWASP, NIAP, NIST, CCPA, GDPR) mandates and recommendations.

Instances are the specific locations where a finding is present in your app’s code. A hypothetical finding in a physical penetration test could be that the doors in your house are unlocked. If both the front door and the back door are unlocked, there are two instances of that finding. Not every instance necessarily needs to be fixed: you can choose to accept one instance, allowing the back door to remain unlocked for a given house (app). Customizable policies can filter findings in future assessments for unlocked doors so you can focus on new findings.

zScan Helps Reduce Mobile App Risk

To reduce risk and limit fraud, organizations worldwide are testing native and hybrid mobile apps with zScan to identify potential data leakage and security vulnerabilities. Mobile application development teams from banking, financial services, healthcare, and the public sector depend on Zimperium to secure and harden their apps and to detect attacks on them in real time, regardless of the health of their users’ devices.

Contact us today for more information on zScan and how you can automate your mobile application security testing.

Written by bizbuildermike · Categorized: Mobile Security

Dec 19 2020

MassChallenge Fintech to Support 30 High-Potential Financial Technology Startups for its 2021 Accelerator Program

MassChallenge, an 11-year-old non-profit, no-equity accelerator program, has added 30 new Fintech and 30 Healthtech startups to its 2021 program. Both groups will be introduced at a virtual MassChallenge Verticals Opening Nights event on January 13, 2021.

Five of this year’s MassChallenge Fintechs are based in Massachusetts. Five of the program’s Healthtech companies are also operating out of Massachusetts. Launched in Boston, the MassChallenge now offers programs in Mexico, Israel, and various other cities across the United States.

The managing directors of both the Fintech and Healthtech programs stated that the applicants this year were very competitive and diverse. For the Healthtech group, the 30 initiatives were selected from over 380 applicants across more than 35 different countries — which means there was less than an 8% acceptance rate. (Note: for the list of Healthtech firms accepted, check here.)

MassChallenger MD Fintech, Devon Sherman, stated:

”We’re excited by the range of solutions and perspectives this year’s cohort brings. In our experience, this diversity of backgrounds and ideas is what drives true innovation.”

Jason Guenther, Head of Investment & Operations Technologies at Putnam Investments, remarked:

“This year‘s MassChallenge program was instrumental in helping us find companies with whom to partner in solving important business issues. Our partnership with MassChallenge has accelerated our digital journey and enabled us to think differently about how to leverage technology to improve business outcomes.”

Here are the Fintechs that are part of the MassChallenge accelerator:

MassChallenge Fintech 2021 cohort:

Accern (New York) – Accern accelerates AI workflows for enterprises with a no-code development platform.

And Financial (New Hampshire) – And Financial helps individuals transform student debt into retirement assets.

Beekin (New York) – Beekin is an asset management platform for commercial real estate investors, powered by big data and machine learning.

Bellwethr (Kansas) – Bellwethr helps businesses maximize each of their customer’s lifetime values with predictive and prescriptive analytics.

Bodeswell (Massachusetts) – BodesWell partners with the largest financial services companies to move people toward their financial goals.

Compliance.ai (California) – Compliance.ai is a modernized regulatory change management solution.

eCredable (Georgia) – eCredable helps consumers and small business owners build stronger credit profiles to access better financial products and services.

EmpowerYu (California) – EmPowerYu is tackling the eldercare crisis by giving medically vulnerable people and their caregivers continuous risk assessment from home.

Farther Finance (California) – A family office used to be for billionaires. Farther Finance replaces legacy tech and archaic processes to pull that experience forward.

Finaeo (Ontario) – Finaeo is streamlining insurance distribution by connecting insurance carriers, advisors, and clients through an integrated experience.

Flourish Savings (California) – Flourish provides financial institutions with a tailored engagement platform to drive deposits and deeper relationships.

Gig Wage (Texas) – Financial infrastructure for the future of work. Gig Wage helps companies and platforms pay independent workers, aka gig workers & freelancers.

Goalsetter (New York) – Goalsetter is the smartest money app for the whole family – from cradle to graduation, including parents, too.

gravityAI (New York) – gravityAI is a platform for enterprise business teams to explore, test, and integrate AI algorithms without needing to know how to code.

Habu (Massachusetts) – Habu is the leading Data Clean Room application, enabling safe data sharing between companies with privacy and security at its core.

HomeZada (California) – HomeZada is a personal finance/fintech platform for consumers to manage their largest financial asset and largest expense, their home.

Knoema Corporation (New York) – Knoema is a data technology platform that helps make global, alternative, subscription and internal data discoverable and useful.

Manetu (New Jersey) – Manetu’s Consumer Privacy Management platform offers seamless, dynamic and intelligent end to end management of consumer consent and data access.

Monit (Massachusetts) – Monit is a predictive cashflow and financial optimization platform designed for business owners as an intelligent, always-on advisor.

myGini (California) – Magic in your cards. Rewards and shopping offers to make spending and saving money easier. White labeled for your brand.

Optalitix (London) – Optalitix offers an innovative AI and technology software platform offering products to rapidly enable financial services companies to use AI.

Owlin (Amsterdam) – Owlin is a news analytics tool that helps finance professionals monitor their portfolio proactively, continuously, and in real-time.

Qoins Technologies (Georgia) – Qoins is a financial wellness app that helps consumers pay off their debt faster by combining financial education and automation.

Retail MarketPoint (Rhode Island) – Every retail real estate transaction in the U.S. – every property sale, lease, loan, or investment – can be measured by a Retail MarketPoint BrandScore™.

Retirable (New York) – Retirable helps pre-retirees plan for a better future with free access to professional retirement guidance and planning services.

Rialto Markets (New York) – Rialto democratizes and expands private markets for both issuers and investors.

TCARE (Missouri) – TCARE reduces the risk of Medicaid & LTC insurance claims via an evidence-based family caregiver support program.

WEVO (Massachusetts) – WEVO is the only tool that pinpoints why visitors aren’t converting and generates recommendations to improve conversion, before going live.

Workscope (London) – Workscope uses data analytics & business intelligence to understand, govern and manage risk for spreadsheet-driven operations.

Worthright (Massachusetts) – Worthright is a FinTech company that takes the ambiguity out of planning and paying for long-term care.

Written by bizbuildermike · Categorized: Crowdfunding

Oct 07 2020

Best of Both Worlds: Integrating Zimperium Mobile Threat Data into Microsoft Sentinel Cloud-Native SIEM


While leading organizations are actively protecting mobile endpoints, security teams haven’t had clean and scalable ways to integrate and correlate threat data with other parts of the security infrastructure. But that is changing.

I recently hosted a webinar with David Branscome, Senior Cloud Solutions Architect, Microsoft and our very own Kern Smith, Vice President of Solution Engineering, discussing how – as the first and only mobile threat defense (MTD) solution integrated with Azure Sentinel – security analysts are now able to include Zimperium mobile threat data in their advanced threat hunting and threat correlation analysis.

To watch our on-demand webinar, please click here. 

According to David, the SecOps mission of protecting organizations’ information and assets is becoming increasingly difficult. Attack techniques, frequency, and complexity are evolving fast. Security teams are under strain from the expanding breadth of defensive technologies, accelerating hybrid cloud adoption, and borderless, zero-trust networks. The shortage of SecOps talent makes this problem worse. 

Considering the future needs of SOCs, these are the most prominent pain points:

Threats continue to grow in complexity and volume

Attacks are increasingly heterogeneous. A typical attack spans different parts of the enterprise and crosses various resource types: it might start from an IoT device, proceed to an endpoint, spread to a cloud service or to a database, involve multiple user accounts or tenants, and so on.

Alert fatigue: SOCs see too many alerts from disconnected products

Enterprise SOCs typically have dozens of security products, each producing a large volume of alerts. In isolation, these products often have high false positive rates and poor response prioritization, resulting in deafening alert noise. Attacks fall through the cracks despite generating alerts. Unfortunately, legacy SIEMs are functioning only as aggregators and don’t increase response capabilities. Enterprise SOCs need a way to integrate their security products to reduce the noise, prioritize alerts, and enable investigation and hunting across the entire dataset.

There is a global shortage of security analysts and experience

The need for skilled security professionals has greatly increased, and supply cannot meet current or future demand. A recent report by CSO magazine showed that this global talent shortage will increase to 3.5 million unfilled security jobs by 2021. 

Investigation is complex and time-consuming

Every second counts when SecOps personnel are handling a threat that might jeopardize their organization. The clock is ticking fast, but investigation requires highly skilled security analysts and can often take days or weeks. 

Legacy solutions are not architected for today’s demands, or tomorrow’s

Many legacy on-premises SIEMs require powerful hardware and extensive maintenance that make them expensive to operate. Storage and compute needs increase dramatically during an incident, which is difficult for an on-prem footprint to accommodate. The move to the cloud has enabled a new degree of enterprise scale-out, and with the explosion of cloud-born data, legacy SIEMs are less and less able to cope with the demand.

The cloud can help manage that complexity of the expanding digital estate. It simplifies and makes security easy to manage. Harnessing the power of cloud will set your SecOps teams free of IT work and help them focus on security work with no limits.

The next generation of AI and automation in the cloud helps to super-charge your work. It leverages the large-scale intelligence available in the cloud and makes it work for you.

David explained that’s why the SIEM + SOAR tool was reimagined to introduce a new cloud-native solution called Microsoft Azure Sentinel – providing intelligent security analytics at cloud scale for your entire enterprise.

David went on to explain that Azure Sentinel makes it easy to collect security data across your entire hybrid organization from devices, users, apps, servers and any cloud. It uses the power of AI to ensure you are identifying real threats quickly, and it frees you from the burden of traditional SIEMs by eliminating the need to spend time setting up, maintaining and scaling infrastructure.

Since it is built on Azure, it offers limitless cloud scale and speed, scaling automatically to address your needs.

Traditional SIEMs have also proven to be expensive to own and operate, often requiring you to commit upfront and incur high cost for infrastructure maintenance and data ingestion. With Azure Sentinel there’s no upfront costs, you only pay for what you use, and Microsoft offers free Office 365 activity data import to help you reduce security costs significantly.

Patented detection engine designed for mobile

Mobile devices are among the endpoints that need to be protected. Zimperium offers the only real-time, on-device, machine learning-based protection against Android and iOS threats, including the detection of device, network, phishing and malicious app attacks. When suspicious activity is detected on the device, detailed threat forensics data is sent that can be used for SOC analysis.

Our detailed forensics can be integrated with Sentinel, providing a fuller, more detailed and clearer picture on what’s going on within a given organization as a whole, not just specifically on mobile or in silos on other endpoints. Organizations can maximize the value of all solutions and create a more cohesive security structure for the entire company.

Zimperium & Microsoft Azure Sentinel

Any analytics tool is only as good as the data that it gains. We provide granular forensics and granular detections across that full stack of threats – both early on in the kill chain cycle and leading up to any full device compromises – so that organizations can leverage Sentinel to identify those initial exposure points, stop the attack in its tracks and prevent it from spreading across the rest of the organization.

Best of Both Worlds on-demand webinar

Watch our on-demand webinar to see David and Kern talk about and demonstrate:

  • Integrating mobile threat data from Zimperium into Azure Sentinel;
  • Achieving visibility, correlation and threat hunting across all endpoints and networks;
  • Utilizing Azure Sentinel to respond to incidents with built-in orchestration and automations.

Contact us

To learn more or to schedule your own demonstration, please contact us. 

Written by bizbuildermike · Categorized: Mobile Security

Sep 29 2020

1inch, a Non-Custodial Crypto Exchange Aggregator, Partners Hacken to Improve Platform Security

1inch.exchange, a decentralized or non-custodial crypto exchange (DEX) aggregator, notes that they’re always working on making improvements to the overall security of their service. The 1inch team confirmed that they’ve teamed up with Hacken, an established provider of cybersecurity solutions.

The 1inch team stated:

“We … have always been taking security very seriously. Now, it is time to take the protection of our users to a new level, and we are happy to be doing this in collaboration with Hacken.”

The 1inch developers claim that Hacken has a great track record in the cybersecurity space and its team members are also experts in code and infrastructure auditing.

1inch plans to enhance the security of its platform and offer greater consumer protection by working cooperatively with Hacken in several key areas, such as auditing code, APIs and infrastructure.

Sergej Kunz, co-founder and CEO at 1inch, stated:

“We are thrilled to welcome Hacken as our security associate. Thanks to this collaboration, our service will become safer for users. Together with Hacken, we’ll be able to take security in the (decentralized finance) DeFi space to a complete new level.”

As mentioned in a blog post by 1inch, the Hacken team mainly focuses on serving as a cryptocurrency exchange auditor. It’s a cybersecurity consulting firm that was launched in August 2017.

As noted in the announcement, Hacken provides several services including blockchain security consulting, web/mobile penetration testing, coordination of bug bounty programs, crypto exchange ratings and cybersecurity education.

As reported recently, Hacken revealed that it would be integrating Chainlink’s “decentralized” oracles so that data is more accessible to decentralized apps (dApps).

The Hacken team had noted recently:

“Our integration with Chainlink’s … decentralized oracle network will enable smart contracts from any blockchain to access Hacken’s security data. Developers can … leverage Chainlink’s existing pool of secure node operators to build in security buffers that protect user funds and/or ensure more secure and reliable transaction/protocol automation based on Hacken data feeds.”

They also mentioned:

“Providing cybersecurity data about DeFi smart contract audits is a crucial part of maturing the DeFi industry. Anonymous developers and yield farming spinoffs can drive speculation, often without regard for security. For average users, information about security and trusted audits is difficult to access, especially in real-time. Hacken aims to supply this data to users on-demand to foster stronger security in DeFi as a whole, ultimately reducing information asymmetry and increasing transparency.”

Written by bizbuildermike · Categorized: Crowdfunding

Aug 07 2020

OneConnect Joins Forces With Swiss Re to Co-Develop Digital End-to-End solution for Motor Claims Handling for European Market

OneConnect Financial Technology Co. Ltd. (OneConnect), an associate company of China’s insurance giant Ping An Group, announced earlier this week it has joined forces with Swiss Reinsurance Company Ltd. (Swiss Re) to co-develop a digital end-to-end solution for motor claims handling for the European market, based on artificial intelligence (AI) and advanced data analytics. The duo will notably collaborate to introduce OneConnect’s Smart Claims Solution to Europe.

OneConnect reported that the solution uses its AI-based image-recognition technology and Swiss Re’s risk expertise and market know-how. The technology also provides an efficient, completely digitalized service in seconds for significantly improved user experience.

“Based on photos of the vehicle damage, the solution identifies the appropriate repair strategy and estimates the cost of repair within minutes, offering immediate cash payouts and additional services such as directing drivers to a repair garage.”

Xiao Jing, Chief Scientist of Ping An Group, further explained:

“Image-based damage recognition technology has successfully enabled Ping An to ease into claim digitalization and automation. This solution allows our customers to enjoy touchless claim service. I am delighted to see this proven technology taken to Europe by OneConnect and Swiss Re.”

Besides the Smart Claims Solution, OneConnect added that it and Swiss Re will explore collaboration opportunities for other digital insurance solutions.

Written by bizbuildermike · Categorized: Crowdfunding