DOD expands testing of mobile apps with new automated software
 
																			Mobile application security company NowSecure is expanding its work with the Department of Defense to bring automated testing software to mobile applications across the military.
Monday the company announced its delivery of new automated testing software to ensure the security of mobile applications used across DOD components and other federal agencies. The software tests for National Information Assurance Partnership (NIAP) compliance, a standard that will help mobile apps receive faster authority to operate (ATO) approvals, the company said.
NowSecure’s work with the military will allow the further migration of services to mobile devices and help ensure the apps they are hosted on are secure, according to the Air Force. The company started its work with the military during an Air Force Pitch Day event in 2019 when it was given a Small Business Innovation Research (SBIR) award.
“Mobile has been a particularly challenging spot because when you think about the mobile devices themselves, they are not sitting behind layers of defenses…they are mobile devices that have lots of sensors,” NowSecure Founder Andrew Hoog told FedScoop in an interview. “It becomes even more important to be able to have that automated testing.”
The technology that NowSecure brings will enable both third-party and in-house mobile apps to be tested in days, not the usual months it takes to achieve NIAP compliance, which is just one of the requirements for the ATO process. For apps that are constantly being updated, by the time the months-long process is over, several updates have already been released and will need to go through the process again.
“Given the quantity and frequency of updates, you must have automation,” Hoog said.
About 85 percent of the apps NowSecure tests have at least one security flaw, some with many more, Hoog added. NowSecure can test both iOS and Android-based apps.
The Air Force recently enhanced its ability to work with contractors on penetration testing of IT networks and fast-tracking cybersecurity ATOs to try and solve similar problems for other network devices. The changes to both IT network testing and mobile apps come as the military tries to modernize technology to more effectively carry out its mission.
NowSecure’s new software was delivered to the Air Force’s Business and Enterprise Systems Product Innovation (BESPIN) office, which works with private sector developers. It’s another one of the department’s Star Wars-themed tech hubs.
“Mobile apps are critical to enabling the Air Force to meet our mission around the world,” said Capt. Michael Valentin, Air Force BESPIN operations and support service manager. “This new capability can help the Air Force, DoD and federal agencies confidently unleash more widespread development and use of mobile apps.”
 
			 
			 
			 
		 
		 
		