Nov 16, 2017

Announcing Mobile Security Testing at DevOps Speed

By Jon Janego

Veracode is pleased to announce a completely redesigned, significantly faster mobile application security scanner for iOS, and mobile behavioral analysis for iOS and Android applications.

Our new iOS scanner and mobile behavioral analysis technology combine to give you faster, more thorough mobile scanning results. Faster scan times, plus a unified view of results in the Veracode platform, means mobile application security testing keeps moving at DevOps speed.

New iOS Scanner

Veracode Static Analysis now includes our fastest-ever mobile application scanner for iOS applications. Thanks to an innovative new scanning engine, scans now complete in a fraction of the time taken by our previous iOS scanning technology. This scanner also supports iOS 11, which was just released by Apple in late September, and will serve as the basis of all new iOS scanner development.

New Behavioral Analysis

Additionally, we are launching mobile behavioral analysis for both iOS and Android mobile applications. Mobile behavioral analysis provides security teams with a better understanding of insecure application behavior. For instance, a common risk present in mobile applications is "over-permissioning," where the app uses more permissions than necessary (such as reading from address books or accessing the camera), which can lead to the potential for abuse.

We also take a unique approach to uncovering these behaviors. Veracode follows the data flow in the application without having to execute it. This approach allows us to detect all behaviors that an application is capable of, not just behaviors exhibited during a test run. In addition, this approach simplifies the process of supporting new OS updates to the rapidly changing mobile application ecosystem.

Designed to accommodate fast-moving mobile development teams following DevOps practices, our behavioral testing features:

Lightning-fast scans: The majority of iOS and Android mobile application scans complete within minutes, meeting the speed requirements of DevOps teams.

Actionable results: Results populate immediately upon completion of iOS scans, and in real time as they are discovered for Android applications. This means that DevOps teams have much better visibility into changes they need to make as soon as they are available. In addition, all your scan results are now in one place – mobile behavioral findings are in the Veracode platform, along with all of your other static, dynamic, and software composition analysis results – so you’ll easily get a unified view of your security posture.

Mobile development teams can begin using this exciting new functionality today. See the Veracode Help Center for more information about its use.

By Jon Janego

Senior Product Manager for Veracode Static Analysis. Jon is responsible for the strategy of all Veracode Static Analysis features. Jon has been with Veracode since 2013, and has been working in information security since 2008 in a variety of consulting and product-oriented roles. Jon lives in Chicago, IL.