IBM upgrades AppScan to challenge mobile security risks

AppScan to address increased BYOD and Android threats

IBM has updated its AppScan security suite to tackle emerging security threats posed by mobile applications, as the "bring your own device" (BYOD) trend gains traction. BYOD means that a growing number of personal phones and tablets are connecting to corporate networks, potentially causing significant security headaches for IT managers.

The software will target attack avenues such as SQL injection and cross-site scripting (XSS), and will address growing threats from the Android platform, which has boomed in popularity in recent years on tablets and mobile phones.

IBM says the suite delivers intelligence-based app scanning through integration with the QRadar Security Intelligence Platform, which IBM gained when it acquired Q1 Labs in October 2011.

"This integration puts the results of a scan to work right away," said Larry Gerard, senior manager of application security product management for IBM Security, on the IBM Software blog.

"For example, if a production application is scanned, and critical vulnerabilities are found, companies cannot shut down those applications to get those vulnerabilities fixed. If critical enough, companies may pull some of their key resources off projects to fix these vulnerabilities, and thoroughly test them, which may result in costly delays to push the fixes through a full development lifecycle," he added.

The QRadar integration, said Gerard, means application vulnerabilities can be monitored while applications are running in the wild, feeding back to testing builds of new versions and enabling "fixes to be bundled in with the next project updates and reducing the costs to push a quick fix through the development organisation separately".