Guardsquare acquired the assets of Breakpoint, whose Mobile Application Security Testing (MAST) engine, App-Ray.

Yesterday, Guardsquare was announced new technology to enable teams to “shift left” with their iOS and Android security by integrating mobile app security throughout their development lifecycle.  First, we’re excited to announce that Guardsquare acquired the assets of Breakpoint, whose Mobile Application Security Testing (MAST) engine, App-Ray, will provide a framework for automated security scanning of Android and iOS applications. App-Ray will be integrated into our open source and commercial products throughout the course of 2021.

In addition, Guardsquare is shipping new releases for iXGuard for iOS and DexGuard for Android, their advanced solutions for protecting mobile applications. The highlight of these releases is their new Protection Report, which helps teams validate security protection immediately after implementing it. 

Let’s take a look at how this technology helps integrate security early and often within the mobile app dev lifecycle.

Shifting Left with Protection Report and App-Ray

While 85% of companies say that DevSecOps (or the continuous delivery of secure apps) is an important goal, only 35% have implemented it as an established practice. The reality? Many organizations prioritize time to market and user experience over security, and address security when it’s too late. The results can be costly.

According to NIST research, the cost of bug fixes increases steadily toward the later phases of the development lifecycle. For example, bugs fixed during post-production cost 30x more than during the early requirements/architecture phase. The same goes for security gaps: the longer organizations postpone identifying and addressing them, the greater the risk that applications/SDKs could ship with potential vulnerabilities. 

That’s why Guardsquare developed the Protection Report feature for iXGuard and DexGuard. It helps development teams shift left by validating their application of both code hardening and Runtime Application Self-Protection (RASP) mechanisms immediately after implementing these protections.

The Protection Report grades the security implementation against five categories of common and impactful threats. If any concerns are identified, the Protection Report outlines the steps needed to enhance protection, enabling development teams to take immediate action. With Protection Report, app development and security teams get robust protection of their apps in production, eliminating the risk of releasing insufficiently hardened mobile applications and SDKs. 

To build security even further into the development lifecycle, App-Ray MAST technology offers additional automated security testing for iOS and Android. App-Ray allows developers to automatically test their apps for security vulnerabilities, and make improvements without having to rely on external pentesting.

This process helps teams address issues more efficiently and cost-effectively. App-Ray will be integrated into Guardsquare’s existing products in 2021.

After developers complete security testing and publish their mobile apps, our real-time threat monitoring tool ThreatCast helps them continuously improve app protection based on live threat data.

All three tools combined will allow teams to seamlessly integrate security throughout the mobile app dev lifecycle – by hardening their applications, automating security testing, and constantly monitoring both the app and its environment.

Firstly, it is fascinating for us to be able to continue to work and support our clients under a larger umbrella corporation like Guardsquare. Secondly, this is a fantastic opportunity thanks to the synergy runtime testing (RAST) now available to all App-Ray customers.