I believe that work shouldn’t be just about delivering tickets and good performance.
You should be able to develop your interests and have a positive impact on many aspects of the company. One of the interests you can develop at Netguru is mobile security. The group started with three people and after two years, 18 people are now involved in this initiative. That’s one-fifth of our mobile department. In this article, you will learn about various initiatives we have implemented within the group.
The mission of the mobile security group
Let’s start with our goal as a group. We strive to increase the security awareness of the Netguru mobile team and deliver applications with top-level security solutions.
We pursue this goal through multiple initiatives, like the security checklist, solutions consultations, handbook articles, and presentations. These initiatives also help other developers to grow their mobile security skills. We even created a mobile security career path so newcomers can see which areas they need to improve in.
Every week our group meets to discuss work progress or interesting articles that we’ve read recently. We talk about project cases and how we can provide the best possible solution to the project team. Often, we also come up with new ideas for future work and initiatives. If someone has researched an interesting topic, they do a short presentation for the rest of the security team.
What the mobile security group has delivered
Mobile security checklist and handbook
Our mobile security group created the mobile security checklist. It is a list of requirements that projects should align with in order to increase security levels. We wanted to make security more accessible and standardize the list of requirements that projects could conform to.
In the final version, every requirement will also include a related article in the Mobile Security Handbook, which will describe risks, use cases, proposed solutions, and testing instructions. You can read more about the mobile security checklist in this article.
Our checklist is open source and you can find it in this repository along with the Mobile Security Handbooks. Feel free to propose new requirements for the checklist and to add to the handbook.
Mobile security review
The mobile security checklist is a good starting point to increase the security level of your project. However, for more sensitive projects it might be a good idea to include a periodic mobile security review of your application. Such a review verifies the implemented security solutions and looks for vulnerabilities inside your application.
You can check out our document about the mobile security review process.
Let’s hack together
It is a monthly after-hours meeting where our group gets together and hacks for exercise. It allows you to gain your first experience in solving CTFs or to work on your hacking/pentesting skills. In the past, we solved not only specially prepared challenges like CrackMe and DVIA-v2, but also backend/web challenges. Our meetings are not limited to mobile applications, but they are usually the main subject.
Open source contribution
We also contribute to open source projects like MobSF, where our team has not only added iOS Swift support, but has also done some refactoring and improvements. 🙏
Some of us even contribute to other OSS projects like OWASP MSTG.
If you would like to develop your mobile security skills, Netguru is a great place for it. Our group is constantly working on new ideas and providing help for less experienced developers to become mobile security experts. You can join us and work on your own ideas and initiatives — we are always happy to help.