Latest news
IBM releases software for developing secure mobile apps
Posted on 05 June 2012.
IBM announced new software to help organizations develop mobile applications that are more secure by design. Now, clients can build security into the initial design of their mobile applications so that vulnerabilities will be detected early in the development process.
With more than five billion mobile devices in the world - and only 2 billion computers - the shift to mobile devices as the primary form of connecting to corporate networks is increasing rapidly. Securing those devices is becoming a top priority for security executives and CIOs.
As companies embrace the growing "Bring Your Own Device" (BYOD) trend, the need to secure the applications that run on these devices is becoming more critical. According to the 2011 IBM X-Force Trend and Risk Report, mobile exploits increased by 19 percent in 2011. In addition, according to the recently released data from the IBM Center for Applied Insights study, 55 percent of respondents cited mobile security as a primary technology concern over the next two years.
The rapid consumerization of mobile endpoints, applications and services has created the urgent need to secure corporate applications on employees' devices. With the latest release of the IBM Security AppScan portfolio, IBM now offers a robust application development security solution, allowing clients to integrate mobile application security testing throughout the application lifecycle.
Security on the go
Mobile applications represent a new threat target, since they carry a higher risk of attack compared to web application vulnerabilities. Attackers are increasingly focusing on mobile applications because many organizations are not aware of the security risks introduced by the most basic mobile applications. Beyond the traditional threats, for example, a hacker could perform a SQL injection or scripting attack on the applications. Mobile applications also come under attack from malware and phishing, or scanning QR codes with malicious scripts.
Additionally, mobile applications have vulnerabilities specific to mobile devices because they often store sensitive data that can be leaked to malicious applications. This data, once stored locally, typically is outside the protection of the corporate security programs. The new AppScan analysis capabilities will find these vulnerabilities to help developers build more secure mobile applications.
“Providing clients with the ability to scan mobile applications for vulnerabilities--including applications developed in-house and outsourced is the next step of our mobile strategy," said Marc van Zadelhoff, vice president of Strategy and Product Management, IBM Security Systems." With more than 120,000 of our own employees accessing IBM's network through mobile devices, we have had to focus heavily on developing a way for employees to work safely and securely."
Mobilizing the workforce
IBM extends its static application security testing to native Android applications, which allows clients to conduct their own testing for mobile applications. In the past, for mobile application security testing to be done, clients would have to send their applications and software IP to an offsite vendor to test for vulnerabilities.
This approach doesn't scale and the response time is too slow, as mobile applications undergo constant revisions and updates. Organizations need to address mobile application security testing in-house early in the software development life cycle.
New capabilities:
With more than five billion mobile devices in the world - and only 2 billion computers - the shift to mobile devices as the primary form of connecting to corporate networks is increasing rapidly. Securing those devices is becoming a top priority for security executives and CIOs.
As companies embrace the growing "Bring Your Own Device" (BYOD) trend, the need to secure the applications that run on these devices is becoming more critical. According to the 2011 IBM X-Force Trend and Risk Report, mobile exploits increased by 19 percent in 2011. In addition, according to the recently released data from the IBM Center for Applied Insights study, 55 percent of respondents cited mobile security as a primary technology concern over the next two years.
The rapid consumerization of mobile endpoints, applications and services has created the urgent need to secure corporate applications on employees' devices. With the latest release of the IBM Security AppScan portfolio, IBM now offers a robust application development security solution, allowing clients to integrate mobile application security testing throughout the application lifecycle.
Security on the go
Mobile applications represent a new threat target, since they carry a higher risk of attack compared to web application vulnerabilities. Attackers are increasingly focusing on mobile applications because many organizations are not aware of the security risks introduced by the most basic mobile applications. Beyond the traditional threats, for example, a hacker could perform a SQL injection or scripting attack on the applications. Mobile applications also come under attack from malware and phishing, or scanning QR codes with malicious scripts.
Additionally, mobile applications have vulnerabilities specific to mobile devices because they often store sensitive data that can be leaked to malicious applications. This data, once stored locally, typically is outside the protection of the corporate security programs. The new AppScan analysis capabilities will find these vulnerabilities to help developers build more secure mobile applications.
“Providing clients with the ability to scan mobile applications for vulnerabilities--including applications developed in-house and outsourced is the next step of our mobile strategy," said Marc van Zadelhoff, vice president of Strategy and Product Management, IBM Security Systems." With more than 120,000 of our own employees accessing IBM's network through mobile devices, we have had to focus heavily on developing a way for employees to work safely and securely."
Mobilizing the workforce
IBM extends its static application security testing to native Android applications, which allows clients to conduct their own testing for mobile applications. In the past, for mobile application security testing to be done, clients would have to send their applications and software IP to an offsite vendor to test for vulnerabilities.
This approach doesn't scale and the response time is too slow, as mobile applications undergo constant revisions and updates. Organizations need to address mobile application security testing in-house early in the software development life cycle.
New capabilities:
- Integration with IBM's QRadar Security Intelligence Platform allows for increased Security Intelligence when an application is moved into production. By correlating known application vulnerabilities with user and network activity, QRadar can automatically raise or lower the priority score of security incidents.
- A new Cross Site Scripting (XSS) analyzer which uses a learning mode to quickly evaluate millions of potential tests from less than 20 core tests. This new XSS analyzer finds more XSS vulnerabilities faster than any previous version of AppScan.
- New static analysis capabilities help companies adopt broad application security practices through simplified on-boarding of applications and empowering non-security specialists to test faster than with prior releases.
- Predefined and customizable templates that provide development teams the ability to quickly focus on a rule set prioritized by their security teams,helping corporations focus on key issues for them across their organization.
Spotlight
Is it time to professionalize information security?
Posted on 23 May 2013. | The issue of whether or not information security professionals should be licensed to practice has already been the topic of many a passionate debate.
Review: Logging and Log Management
Posted on 22 May 2013. | Every security practitioner should be aware of the overwhelming advantages of logging and perusing logs for discovering system intrusions. But logging and log management comes with its own set of difficulties.
Experts highlight top data breach vulnerabilities
Posted on 22 May 2013. | Hidden vulnerabilities lie in everyday activities that can expose personal information and lead to data breach, including buying gas with a credit card or wearing a pacemaker.
A closer look at Mega cloud storage
Posted on 21 May 2013. | Once a novelty, nowadays many cloud storage services are fighting for their piece of the market in the virtual world. Mega offers 50GB of free space with great pricing on Pro accounts.
The CSO perspective on healthcare security and compliance
Posted on 20 May 2013. | Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips.
Daily digest
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
Weekly newsletter
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
