Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Enterprise Application Security For Mobile Devices

Veracode : 11 February, 2011  (New Product)
Veracode introduces mobile application security for the enterprise with extended support for Android and Apple equipment
Rapid adoption of mobile devices and mobile apps as a critical part of an enterprise IT strategy has created a significant and unbounded security risk. Challenged to implement enterprise-wide application security policies, CIOs and CISOs are realizing they have significantly lower visibility, expertise and control over mobile apps and devices compared to other layers of their IT infrastructure. To mitigate emerging mobile threats, Veracode, Inc., provider of the world’s only independent cloud-based application risk management platform, today launched the industry’s most comprehensive mobile app security verification service. The company also announced the “Mobile App Top 10 List” to establish an industry-wide security standard to enable organizations to implement application security policies across their mobile app environment.



Veracode currently provides application security verification for RIM’s BlackBerry operating system (OS) and Windows Mobile. Support for Google’s Android OS will be available this quarter with Apple iOS support in Q2 ’11. Veracode is accepting all mobile app submissions, regardless of platform, for security verification as part of its extensive beta program. Veracode will discuss its new mobile application security services at the RSA Conference 2011 in San Francisco, February 14-18 at booth #629.



Security Shouldn’t Be An Afterthought



Secure coding, security testing and basic security precautions may often be an afterthought in today’s rapid mobile app development process, as evidenced, in-part, by the lack of encrypting bank account access codes in Citbank’s iPhone app last year. The mobile app malware threat is also quickly progressing from simple “premium SMS and call” attacks that directly monetize by running up the victims bill, to full- blown mobile botnet functionality, such as the recently discovered Geinimi Trojan for Android phones.



“More and more enterprises are realizing that 2011 is quickly becoming the tipping point for mobile security issues,” said Nigel Stanley, practice leader, IT security, Bloor Research. “For both active and passive attacks ranging from GSM air interface attacks through to the use of Trojan malware to target users, with Veracode I share my intense interest in best practices for mitigating these risks and what steps users, businesses, developers and organizations need to take to secure their smartphones and apps. With this launch, enterprises failing to investigate and act on mobile app security vulnerabilities due to lack of a pragmatic and cost-effective solution are no longer excusable.”



Enterprises are threatened by applications built in-house, off-the-shelf, outsourced and with third-party components that are deployed via the cloud, web and on mobile platforms. To manage this mounting, and what appears to be uncontrollable, risk CIOs and CISOs must implement policy-driven application risk management programs and seek independent security verification of all their applications including mobile applications from all their stakeholders across their entire software supply chain.



“CIOs and CISOs are increasingly aware that next generation software infrastructure for their enterprise is increasingly ‘cloud-sourced’ and developed from unknown or untrusted third-party app stores and developers,” said Matt Moynahan, CEO, Veracode. “While the cost and functional benefits of embracing the cloud are many, it is critical to ensure the security risks associated with this model are controlled. Veracode’s broadened platform support will enable security professionals to implement mobile app security policies as easily as they do for internally developed applications.”



Setting New Mobile Security Standards



To increase industry awareness and dialogue about mobile app threats specifically, Veracode has established its “Mobile App Top 10 List.” The goal of the list is to serve as an industry standard for categorizing malicious functionalities and to serve as a checklist of vulnerabilities that developers and security teams can collectively utilize to determine what mobile app risks exist and how they can be effectively and efficiently mitigated. While traditional security vulnerabilities can be compounded by mobile use case specifics and new, platform-particular challenges, the same best practices established in other environments should be adhered to.



“While much has been done in terms of setting standards for the security of web applications, we felt it was necessary to extend the same rigorous framework to mobile,” said Chris Wysopal, CTO, Veracode. “In the mobile app market, we see both inadvertent coding errors and intentional, malicious code as security culprits. We strongly recommend industry-wide adoption of the Mobile App Top 10 for the development of apps, as part of an app store vetting process, for acceptance testing of an app, or for use by providers of security software running on mobile devices.”



The Mobile App Top 10 List can easily be adopted by enterprises seeking to gain focus and control, and support more well-informed discussions with development teams about the security of their applications. It can also be an important foundation for understanding specific threats such as activity monitoring and data retrieval; unauthorized dialing, SMS and payments; system modification; and sensitive data leakage, which can be magnified in a mobile environment.



Most importantly, The Mobile App Top 10 can serve as the standard to which compliance must be demonstrated through independent testing, much like the OWASP Top 10 or CWE/SANS Top 25 are used for verifying traditional, third-party applications. Visit The Mobile App Top 10 to learn the complete list including threat details and examples. To engage the community in discussion visit the ZeroDay Labs Blog “Mobile App Top 10 List” and post a comment.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo