IBM AppScan security launch can ID vulnerabilities in Apple’s iOS

21 February 2013

Ahead of the Mobile World Congress (MWC) next week, IBM is unveiling a new security solution for Apple’s iOS operating system that assesses any potential vulnerabilities in the software development kit (SDK) and allows users to work around them when designing apps.

The IBM AppScan Source 8.7 for iOS follows on from a similar product previously launched for Google’s Android apps environment and SDK. The Apple launch is designed for financial institutions (FIs) and other organisations trying to maintain strict mobile channel security guidelines and policies.

IBM AppScan Source 8.7 for iOS, which will go on sale on 25 March after the MWC-linked marketing campaign ends, will give users the ability to improve security quality without sacrificing the time-to-market of mobile application projects, claims IBM. The vendor adds that it will allow FIs and others better protect each mobile application release in the face of constant updates. The new security protocol is part of IBM's over-arching MobileFirst initiative.

In addition, IBM AppScan Source 8.7 for iOS can reduce the cost of developing secure applications by building security early on into the development cycle, says the vendor. It provides developers with a view into where vulnerabilities may appear in their mobile applications, allowing potential security pitfalls to be avoided further down the line. New capabilities for the updated product include:

• Complete language support for objective-C, JavaScript and Java: Includes the ability to do call and data flow analysis that will generate trace information. This new capability enables FIs and other organisations to build secure enterprise mobile applications, regardless of technology choice, for employees and partners.

• US government regulation compliance: Provides compliance with two important standards – Federal Information Processing Standard (FIPS) Publication 140-2 and Internet Protocol version 6 (IPv6).

• 40,000 mobile security application processing interfaces (APIs) supported: IBM’ security research unit conducted an analysis of Apple’s iOS software development kit (SDK) to include coverage of APIs that might introduce security risks. The API profiles have been added to the IBM AppScan Source security knowledgebase and tied to the analysis engine. Combined with the research conducted on the Android SDK, IBM AppScan Source has now characterised the security risk of approximately 40,000 mobile APIs.

“This project showcases IBM’s execution of its [MobileFirst] strategy to help clients incorporate security into their infrastructure and solutions from the design, development and testing phases rather than leaving security to become an afterthought,” said Caleb Barlow, director of application, data and mobile security, IBM. “It also aligns with the IBM mobile unit’s strategy of empowering organisations with the confidence to aggressively evolve and seize the business potential that mobility promises.”

Bobsguide will have a reporter at the MWC 2013 show next week and produce a full report on it, with follow-up interviews and articles. Please visit our blog section. For last year's show report please click here.

Become a bobsguide member to access the following

1. Unrestricted access to bobsguide
2. Send a proposal request
3. Insights delivered daily to your inbox
4. Career development