
SecurityWeek


IBM Focuses on iOS App Security With New AppScan Release

IBM’s MobileFirst initiative is putting a focus on iOS application security with the release of a new product aimed at developers.


With IBM AppScan Source 8.7 for iOS, the company is looking to improve the security quality of iOS applications without sacrificing time-to-market. The move follows the release of IBM AppScan for apps running on Google Android.

According to IBM, IBM AppScan Source 8.7 for iOS includes complete language support for Objective-C, JavaScript and Java and is compliant with both the Federal Information Processing Standards (FIPS) Publication 140-2 and Internet Protocol version 6 (IPv6). It also supports thousands of mobile security application programming interfaces (APIs), with the API profiles being added to the IBM AppScan Source Security Knowledgebase and tied to the analysis engine.

“The real power of AppScan arises from how it performs vulnerability analysis – by using the full trace analysis technique,” explained Vijay Dheap, mobile security strategist at IBM. “Essentially it traces the data flows within an application – data sources to data sinks. In order to perform this type of analysis we have had to perform security analysis on 20,000-plus APIs for iOS – similar to the research we did for Android’s 20,000-plus APIs.”

Not only does this help developers understand the places in the app where vulnerabilities may arise, it also gives developers and security analysts awareness of the role specific API calls play in leading to a vulnerability, he said. Additionally, this approach reduces the number of false positives.

“In short development lifecycles developers can prioritize fixing vulnerabilities rather than being overwhelmed by just verifying if a vulnerability is real. Having a grasp of the APIs and why their use is causing a vulnerability, the developer learns for future development activities, improving developer productivity with each iteration,” Dheap said. “Another key differentiator of the AppScan solution is that it automates the process of vulnerability analysis so that it can be seamlessly incorporated into the software development lifecycle.”

AppScan also captures data entering at various points such as log files and property lists and uses several rules to detect client data injection vulnerabilities, Dheap said.

“Over the last four years, KiwiTech has developed hundreds of iOS and Android mobile applications for organizations around the world. As the risk from mobile malware and data leakage grows, our customers are looking for ways to secure their iOS and Android applications and protect corporate data,” said Rakesh Gupta, Chief Executive Officer at KiwiTech, in a statement. “The new IBM AppScan product will allow us to proactively secure mobile applications and automate security testing to ensure our customers can keep pace with constant updates.”

IBM AppScan Source 8.7 for iOS will be available March 25th. 
