Mobile app security testing: are you checking for all the flaws?

Mar 11, 2013 By carolineb

By Kevin Beaver

I plan to write a related post soon on my mobile app security assessments. In the meantime, I wanted to share a tool with you that plays a key role in mobile app security: Checkmarx CxDeveloper (or perhaps more appropriately called CxSuite).

If you’re a developer, QA professional, security manager, or IT generalist, this is a good tool to have for all of those gotta-have-now apps that everyone is throwing together and pushing into the app stores.

I’ve used CxDeveloper to find flaws in iOS and Android-based apps that may not be discovered via traditional (dynamic or manual) testing, such as:

  • Code injection
  • Session fixation
  • Path traversal
  • Weak passwords
  • Hard-coded cryptographic keys

…all things that I’m not smart enough to find on my own. Nor do I have the time.
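To make two of the flaw classes above concrete, here is an added example (not code from the original post, from Kevin Beaver, or from Checkmarx) showing how path traversal and a hard-coded cryptographic key typically look in Android source, each beside a hardened form. The content-provider-style attachment lookup, the "app-data-key" alias and the helper names are assumptions made for illustration.

```java
// Added example: two flaw classes a source scanner flags in Android code, each
// next to a hardened version. Class and method names are hypothetical.
import android.content.Context;
import android.content.Intent;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

public class FlawExamples {

    // --- Path traversal ----------------------------------------------------

    // VULNERABLE: the file name arrives from another app's Intent and is used
    // as-is. A value such as "../../shared_prefs/secrets.xml" walks out of the
    // attachments directory and reads private app data.
    static File openAttachmentUnsafe(Context ctx, Intent intent) {
        String name = intent.getStringExtra("attachment");
        return new File(ctx.getFilesDir(), "attachments/" + name);
    }

    // HARDENED: canonicalize both the base directory and the target, then
    // check that the target is still inside the base before it is used.
    static File openAttachmentSafe(Context ctx, Intent intent) throws IOException {
        String name = intent.getStringExtra("attachment");
        if (name == null || name.isEmpty()) {
            throw new IllegalArgumentException("missing attachment name");
        }
        File base = new File(ctx.getFilesDir(), "attachments").getCanonicalFile();
        File target = new File(base, name).getCanonicalFile();
        // Compare against base + separator: a bare startsWith(base.getPath())
        // would also accept a sibling directory such as "attachments-evil/...".
        if (!target.getPath().startsWith(base.getPath() + File.separator)) {
            throw new SecurityException("path traversal attempt: " + name);
        }
        return target;
    }

    // --- Hard-coded cryptographic key ----------------------------------------

    // VULNERABLE: the key is a literal compiled into the APK, so anyone who
    // unzips the package (or runs strings on it) can decrypt every user's data.
    // A static scanner flags the literal passed to SecretKeySpec.
    private static final byte[] HARDCODED_KEY =
            "0123456789abcdef".getBytes(StandardCharsets.US_ASCII);

    static byte[] encryptUnsafe(byte[] plaintext) throws Exception {
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding"); // ECB is a second flaw
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(HARDCODED_KEY, "AES"));
        return c.doFinal(plaintext);
    }

    // HARDENED (API 23+): generate the key once inside the Android Keystore so
    // the key material never appears in source, in the APK, or in app files.
    // AES-GCM with a Keystore-generated random IV; the IV is prepended to the
    // ciphertext so the decrypting side can recover it.
    static byte[] encryptSafe(byte[] plaintext) throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        if (!ks.containsAlias("app-data-key")) {
            KeyGenerator kg = KeyGenerator.getInstance(
                    KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
            kg.init(new KeyGenParameterSpec.Builder("app-data-key",
                    KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                    .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                    .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                    .build());
            kg.generateKey();
        }
        SecretKey key = (SecretKey) ks.getKey("app-data-key", null);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key); // Keystore supplies a fresh random IV
        byte[] iv = c.getIV();
        byte[] ct = c.doFinal(plaintext);
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }
}
```

The point of the pairing is what a source scanner can and cannot see: it will reliably catch the string literal flowing into SecretKeySpec and the Intent extra flowing unchecked into a File constructor, but whether the "safe" version is actually safe still depends on the canonical-path check and the key storage choice, which are worth verifying by hand during the assessment.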

For a few years now, I’ve dealt with the folks at Checkmarx and everyone from their CTO to their Director of Marketing – and a few others in between – has been super nice and responsive to my sometimes ridiculous requests.

Here’s a guest blog post I’ve written for them:
Three compelling reasons to check your mobile app source code 

And a webinar as well:
The Business Value of Partial Code Scanning 

I also cover CxDeveloper in my Mobile Security chapter in the latest edition of my book Hacking For Dummies.

CxDeveloper isn’t without its flaws. Its installation process and interface can be cumbersome, but nothing that can’t be overcome. It’s certainly a worthy alternative to the big-box competitors; check it out if you want to find out the rest of the story with your mobile apps.

Source: http://securityonwheels.blogspot.co.il/2013/02/mobile-app-security-testing-are-you.html
