Get to Know Netguru Mobile Areas: the Mobile Security Group

Karol Piątek

Updated Jul 21, 2023 • 4 min read

I believe that work shouldn’t be just about delivering tickets and good performance.

You should be able to develop your interests and have a positive impact on many aspects of the company. One of the interests you can develop at Netguru is mobile security. The group started with three people and after two years, 18 people are now involved in this initiative. That’s one-fifth of our mobile department. In this article, you will learn about various initiatives we have implemented within the group.

The mission of the mobile security group

Let’s start with our goal as a group. We strive to increase the security awareness of the Netguru mobile team and deliver applications with top-level security solutions.

We pursue this goal through several initiatives, such as the security checklist, solution consultations, handbook articles, and presentations. These initiatives also help other developers grow their mobile security skills. We even created a mobile security career path so newcomers can see which areas they need to improve in.

Work organization

Every week our group meets to discuss work progress or interesting articles that we’ve read recently. We talk about project cases and how we can provide the best possible solution to the project team. Often, we also come up with new ideas for future work and initiatives. If someone has researched an interesting topic, they do a short presentation for the rest of the security team.

What the mobile security group has delivered

Mobile security checklist and handbook

Our mobile security group created the mobile security checklist. It is a list of requirements that projects should align with in order to increase security levels. We wanted to make security more accessible and standardize the list of requirements that projects could conform to.

In the final version, every requirement will also include a related article in the Mobile Security Handbook, which will describe risks, use cases, proposed solutions, and testing instructions. You can read more about the mobile security checklist in this article.

Our checklist is open source and you can find it in this repository along with the Mobile Security Handbooks. Feel free to propose new requirements for the checklist and to add to the handbook.

Mobile security review

The mobile security checklist is a good starting point to increase the security level of your project. However, for more sensitive projects it might be a good idea to include a periodic mobile security review of your application. Such a review verifies the implemented security solutions and looks for vulnerabilities inside your application.

You can check out our document about the mobile security review process.

Let’s hack together

This is a monthly after-hours meeting where our group gets together to hack for practice. It allows you to gain your first experience in solving CTFs or to work on your hacking/pentesting skills. In the past, we solved not only specially prepared challenges like CrackMe and DVIA-v2, but also backend/web challenges. Our meetings are not limited to mobile applications, but they are usually the main subject.

Open source contribution

We also contribute to open source projects like MobSF, where our team has not only added iOS Swift support, but has also done some refactoring and improvements. 🙏

Some of us even contribute to other OSS projects like OWASP MSTG.

Summary

If you would like to develop your mobile security skills, Netguru is a great place for it. Our group is constantly working on new ideas and providing help for less experienced developers to become mobile security experts. You can join us and work on your own ideas and initiatives — we are always happy to help.

Karol Piątek

Senior iOS developer