IBM Focuses on iOS App Security With New AppScan Release

IBM’s MobileFirst initiative is putting a focus on iOS application security with the release of a new product aimed at developers.

With IBM AppScan Source 8.7 for iOS, the company is looking to improve the security quality of iOS applications without sacrificing time-to-market. The move follows the release of IBM AppScan for apps running on Google Android.

According to IBM, IBM AppScan Source 8.7 for iOS includes complete language support for Objective-C, JavaScript and Java and is compliant with both the Federal Information Processing Standards (FIPS) Publication 140-2 and Internet Protocol version 6 (IPv6). It also supports thousands of mobile security application programming interfaces (APIs), with the API profiles being added to the IBM AppScan Source Security Knowledgebase and tied to the analysis engine.

“The real power of AppScan arises from how it performs vulnerability analysis – by using the full trace analysis technique,” explained Vijay Dheap, mobile security strategist at IBM. “Essentially it traces the data flows within an application – data sources to data sinks. In order to perform this type of analysis we have had to perform security analysis on 20,000-plus APIs for iOS – similar to the research we did for Android’s 20,000-plus APIs.”

Not only does this help the developer understand the places in the app where vulnerabilities may arise, it also gives developers and security analysts awareness of the role specific API calls play in leading to a vulnerability, he said. Additionally, this approach reduces the number of false positives.

“In short development lifecycles, developers can prioritize fixing vulnerabilities rather than being overwhelmed by just verifying if a vulnerability is real. Having a grasp of the APIs and why its use is causing a vulnerability, the developer learns for future development activities, improving developer productivity with each iteration,” Dheap said. “Another key differentiator of the AppScan solution is that it automates the process of vulnerability analysis so that it can be seamlessly incorporated into the software development lifecycle.”

AppScan also captures data entering at various points such as log files and property lists and uses several rules to detect client data injection vulnerabilities, Dheap said.

“Over the last four years, KiwiTech has developed hundreds of iOS and Android mobile applications for organizations around the world. As the risk from mobile malware and data leakage grows, our customers are looking for ways to secure their iOS and Android applications and protect corporate data,” said Rakesh Gupta, Chief Executive Officer at KiwiTech, in a statement. “The new IBM AppScan product will allow us to proactively secure mobile applications and automate security testing to ensure our customers can keep pace with constant updates.”

IBM AppScan Source 8.7 for iOS will be available March 25th. 
