In an effort to help organizations develop mobile applications that have security baked-in from the start, IBM has announced a series of static application security testing tools for Android.
There are more than 5 billion mobile devices in the world, and according to a recent IBM study, when addressing the BYOD (Bring Your Own Device) phenomenon, 55% of CIOs said that mobile security has become their top concern. It’s just not feasible to ban personal devices in the workplace.
In an announcement, Big Blue noted that beyond the traditional threats – for example, a hacker could perform a SQL injection or scripting attack on the applications – mobile applications also come under attack from malware and phishing, or scanning QR codes with malicious scripts.
Additionally, mobile applications have vulnerabilities specific to mobile devices because they often store sensitive data that can be leaked to malicious applications. This data, once stored locally, typically is outside the protection of the corporate security programs. Thus, the new AppScan analysis capabilities are there to help developers find these vulnerabilities before they become a problem.
“Providing clients with the ability to scan mobile applications for vulnerabilities – including applications developed in-house and outsourced is the next step of our mobile strategy,” said Marc van Zadelhoff, vice president of Strategy and Product Management, IBM Security Systems.
“With more than 120,000 of our own employees accessing IBM’s network through mobile devices, we have had to focus heavily on developing a way for employees to work safely and securely.”
The latest version of AppScan has full integration with IBM’s QRadar Security Intelligence platform, a new Cross-Site Scripting (XSS) analyzer, as well as integration points with IBM’s IPS and SiteProtector.
AppScan will be available later this quarter.
Related: Mobile Security Exploits to Double in 2011, Says IBM X-Force Report
Related: Attacks on Mobile and Embedded Systems: Current Trends