OWASP MASVS sets a minimum bar for mobile app developers to follow when building apps securely and provides security teams with the ideal testing strategy as part of the organization’s proof of controls. NowSecure benchmark mobile application security testing analysis shows 95% of nearly 6,500 leading mobile apps fail at least one of the seven OWASP MASVS categories.

In this report, one clear finding from the survey was that it is important to test throughout the application lifecycle using a variety of methods. Although testing early continues to be important, having visibility into and being able to monitor and test deployed applications is still critical. Although security testing capabilities have also improved, the value of individual testing capabilities has changed in response to increased threats and changing application architectures.

Coalfire’s 5th Annual Penetration Risk Report confirms that enterprise security teams in key industry sectors are starting to embrace continuous penetration testing as a core component of a comprehensive defensive strategy. The report reveals gaps on an expanding attack surface, showing that organizations face ever-greater difficulties mitigating modern attacks.

Today’s apps are multifunctional, combining communication, collaboration, and commerce. The fragmentation of mobile devices, cloud computing, and third-party components and services have changed how apps store, transmit, and process data. As a result, sensitive information is at risk thanks to the expansion of the attack surface and the rapid evolution of threats.

The Zimperium 2023 Global Mobile Threat Report examines the trends that shaped the mobile security landscape over the last year and analyzes research from Zimperium’s zLabs team, as well as third-party industry data, partner insights, and observations from leading industry experts. The findings in this report will help security teams evaluate their mobile security environment and improve defenses to ensure a mobile-first security strategy.

CyberEdge’s annual Cyberthreat Defense Report (CDR) plays a unique role in the IT security industry. Other surveys do a great job of collecting statistics on cyberattacks and data breaches and exploring the techniques of cybercriminals and other bad actors. Our mission is to provide deep insight into the minds of IT security professionals.

The goal of this Trend Report is to equip developers with the tools, best practices, and advice they need to help implement security at every stage of the SDLC.

This report reveals that the expanded use of applications for business-critical applications, combined with the increased pace of application changes that come with DevOps methodologies, has created security challenges for organizations.

This report reveals the latest application security trends, how organizations protect critical applications, and what tools and best practices cybersecurity professionals prioritize to find, fix and prevent vulnerabilities in next-gen applications.

This report is based on the results of a comprehensive online global survey of 386 cybersecurity professionals, conducted in July 2022, to gain deep insight into the latest trends, key challenges, and solutions for application security. The respondents range from technical executives to managers and IT security practitioners, representing a balancing cross-section of organizations of varying sizes across multiple industries.

Q3 saw a notable trend in which attackers launched DDoS attacks at single targets within a CSP, attributing an attack size increase of 544% QoQ and 232% YoY. Over 55% of attackers focused on hitting specific service with high volumes of traffic simultaneously. Due to the dramatic increase in attack size, this shift to employing high-penetration volumetric attacks can potentially lead to additional impact to CSP networks, regionally.

In this report, the analysis conducted by our research team identifies vulnerabilities and measures attack trends worldwide to provide a comprehensive view of DDoS threats. Nexusguard is able to evaluate DDoS events in a manner that is not biased by any single set of customer or industries. Many zero-day threats are first seen on our global research network.

This report is based on cybercrime attacks detected by the Digital Identity Network from July-December 2021, during near real-time analysis of consumer interactions across the customer journey, from new account creations, logins, payments and other non-core transactions such as password resets and transfers.

The CDR is the most geographically comprehensive, vendor-agnostic study of IT security decision makers and practitioners. Rather than compiling cyberthreat statistics and assessing the damage caused by data breaches, the CDR surveys the perceptions of IT security professionals, gaining insights into how they see the world.

In this report, we examine 10 prolific banking trojans targeting Android mobile apps of users worldwide, detailing their features and capabilities. We also detail what makes each malware family different highlighting the unique and advanced malicious features that make each banking trojan family unique. A complete list of all 639 financial applications covering banking, investment, payment, and cryptocurrency services and the different banking trojan families targeting each is provided in Appendix A.

This report will give a snapshot of 2020’s mobile threat landscape and dive into emerging trends we anticipate carrying into 2021.

A review of mobile device application security, based upon a combination of data from Zimperium’s product and suvey based results.

This report aims to examine the issue of stalkerware. They present data to understand the changes and scale of the problem in 2020.

This report highlights research into cyber-attack trends in the smart mobility ecosystem.

A combination of data from RiskIQ’s internet telemetry network and thought analysis, this report covers changes related to the COVID-19 pandemic, organization’s public attack surface, mobile threats, and the importance of JavaScript as an attack vector.

RiskIQ scans mobile application stores and analyzes the apps presented for potential malware and other threats. This annual threat report covers the security posture of the mobile ecosystem, identifying threat actions, and making time comparisons.