March 25th, 2016 06:00

Mobile Application Security with Open-Source Tools

Application software is an important component for enabling social interaction, mobilizing information access, performing data analytics, and enabling pervasive access thanks to the cloud.

As such, securing applications from security vulnerabilities is a fundamental and vital consideration. However, designing applications with an emphasis on security and testing them for security vulnerabilities are either independent activities outside of development or partially ignored in the software development lifecycle. Application development efforts often focus on functionality. The paradox is that, while developers are not security experts, they are expected to build secure applications. Conversely, security folks often have limited development experience, but their duty is to assess the security of the developed code.

Global surveys identify application security as one of the major security concerns for organizations. Therefore, it becomes very important that security is integrated continuously into application development, like all other essential activities. A quick and effective way to achieve this objective is to decentralize security ownership in application development and empower the development team to build security into all phases of development.

In this Knowledge Sharing article, Sakthivel Rajendran focuses on integrating information security into mobile application software development on a continuous basis. Sakthivel suggests useful open-source security assessment tools for the iOS and Android platforms, since these two are the major mobile application development platforms today. Additionally, setting up an isolated mobile assessment lab, building a security assessment tool chain, and establishing a minimum baseline of security test cases covering all four major components of mobile applications (network, data, applications, and device) are also covered.

This article will be of particular interest to development teams, application architects, IT project management, quality assurance, network security, enterprise architects, information security architects, IT security managers, audit and compliance functions, system administrators, program managers, and security operations personnel.
