I’m going to put it to you straight: source code analysis is amazingly simple. Unlike penetration testing and complementary security checks, source code analysis has evolved into a literal point-and-click exercise. The hardest part is getting the source code analyzer software installed. Even that’s a non-issue with cloud-based source code analysis services.
Many people, from developers to security professionals to higher-level management, have never considered the payoffs of source code analysis. They’re there, they’re tangible, and I can’t think of a good reason not to test your source code, especially mobile source code, a field so new that no software developer is yet an experienced veteran.
Uncovering security flaws in source code is often the missing link in any information security program. This is especially true with the influx of mobile apps on the market today. Here are three good reasons to test the source code of your mobile apps, starting today:
1. Minimal investment, big payoffs
The time, money, and effort you’ll invest in mobile app source code analysis tools and services will likely be a small fraction of your overall mobile app development cost. From the simplest of marketing apps to more complex online banking apps, I’m finding security and other quality-related flaws that are just as critical as what I find in more complex web applications. You’ll never be able to secure what you don’t test.
2. Reduced risks, compliance as a side effect
I’m not a big believer in compliance as a security strategy. When you test for security vulnerabilities, you should do so in the interest of minimizing business risks rather than appeasing your auditors. If you focus on mobile app security in all the right ways (hint: it’s no different from the tried-and-true security approaches of the past), you’ll reap the benefits of compliance without even having to think about it.
3. Competitive advantage
Many mobile apps are free. Some are not. Either way, you’re introducing them to stay current, generate buzz to build market share, and ultimately make money. If your customers, your business partners, and the industry as a whole see you taking the security of your mobile apps seriously, you’ll stand out above the noise (and garbage code) that’s out there – in practically every app store – today.
I’m no fortune teller but I do know enough about IT and the markets in which we work to know that the demand for secure mobile apps is only going to grow. That’s why I’m focusing on mobile app testing and that’s why you should as well.
The choice is up to you: find mobile security flaws now, on your terms, or wait until some researcher or hacker thug finds them for you. Mobile is here – now’s the time.
About the author
Kevin Beaver is an information security consultant, expert witness, and professional speaker with Atlanta-based Principle Logic, LLC. With over 24 years of experience in the industry, Kevin specializes in performing independent security assessments revolving around information risk management. He has authored/co-authored 11 books on information security including the best-selling Hacking For Dummies. In addition, he’s the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. Kevin can be reached at www.principlelogic.com; you can follow him on Twitter at @kevinbeaver and connect with him on LinkedIn at www.linkedin.com/in/kevinbeaver.