devices is one of the biggest headaches faced by IT departments. Earlier this week, IBM announced updated software
designed to help organizations create more secure mobile applications.
IBM's updated version of its Security AppScan portfolio provides what the company calls "a robust application development security solution," in that it enables clients to conduct security testing throughout an application's development lifecycle. The new release can now conduct static application security testing on native Android apps.
Marc van Zadelhoff, vice president of Strategy and Product Management for IBM Security Systems, said in a statement that "providing clients with the ability to scan mobile applications for vulnerabilities," including apps developed either in-house or outsourced, "is the next step of our mobile strategy."
Prior to the update, IBM said, companies that use IBM's software would have to send mobile apps to an off-site vendor to test for vulnerabilities.
Other new capabilities in the new release include integration with IBM's QRadar Security Intelligence Platform, such that additional information becomes available about vulnerabilities when an app is moved into production. QRadar compares app vulnerabilities with user and network activity, and thus can automatically lower the priority score as it relates to security.
The new release also includes a Cross Site Scripting (XSS) analyzer, whose learning mode can help to evaluate millions of potential tests from 20 core tests or less. The company said that the new analyzer finds more XSS security issues than any previous release of AppScan. New, predefined but customizable templates can help app development teams to develop a rule set for their security teams.
19 Percent Increase
There are also new static analysis capabilities to help companies adopt best practices for security, through a simplified on-boarding of apps and through enabling non-security specialists to test faster than earlier releases of AppScan allowed.
The updated AppScan also provides integration with IBM Security Network IPS and Security SiteProtector, to provide a comprehensive framework for security.
The need for mobile security has never been more urgent. IBM cites a report conducted by the company which found that mobile exploits increased by 19 percent last year.
In May, IBM released a study about how security decisions are made in companies, at an executive level.
IBM's Center for Applied Insights interviewed more than 130 security leaders around the world for the report, entitled Finding a Strategic Voice: Insights from the 2012 IBM Chief Information Security Officer Assessment. Among other things, it found that the most advanced organizations have located control of the information security budget in the hands of the CIO or the CEO.
Less advanced organizations often do not maintain a dedicated budget line item for security, the report found. In percentages, 71 percent of the surveyed advanced organizations had budgets dedicated to security, compared to 27 percent of less-advanced ones.
Posted: 2012-06-13 @ 7:29am PT
Mobile app security is a huge priority for developers and consumers. Our mobile devices are storing more and more personal data each day. Hacked applications or app viruses can pose a great threat to user security if not properly monitored. Maintaining updated software is a critical component of a secure mobile app solution. http://bit.ly/HWhOoo