The State of Secure Mobile & Web App Development: Surveying the Journey to DevSecOps

While the industry has conducted numerous studies on DevSecOps practices and application security readiness across a broad portfolio of apps, until now there’s been very little insight into the state of DevSecOps specifically within mobile apps.

In order to better understand the differences and similarities between mobile and web apps in DevSecOps maturity, NowSecure and DevOps.com teamed up to ask more than 200 IT practitioners about their software delivery and application security testing practices across their entire software portfolio spanning web and mobile apps.

This survey studies the state of mobile DevSecOps on respondents’ organizations, the state of security in both web and mobile environments and the challenges of mobile DevSecOps, including:

• How many web and mobile apps they develop and maintain
• The organizations’ plans to adopt DevSecOps for app development
• Frequency of app release cycle
• The top enablers and blockers for DevSecOps transformation
• Reasons to integrate appsec testing with DevSecOps workflows
• Comparing web & mobile testing frequency, security and privacy
• When the organizations conduct security testing within agile or DevOps workflows for apps
• Types of application security testing performed
• Level of confidence in the security of their applications
• How quickly their organizations are able to remediate high-severity security vulnerabilities in apps
• Secure delivery of mobile software versus web
• Ranking of the biggest challenges their organizations encounter when testing mobile apps for security within CI/CD workflows