How to Secure Applications 'On the Move'

With DAST and MAST automated test systems, security teams can narrow the gap between security needs and security resources.

Dark Reading Staff, Dark Reading

September 7, 2020


Most mobile applications fail critical security tests. Quite often, businesses apply their mobile application security processes to their use of web security scanning tools. In our current climate, the key to business survival is to secure mobile applications quickly and under the correct security process for identifying and fixing vulnerabilities.

On July 21, the New York Times ran a story outlining the defects in a hastily developed mobile app that was to help South Korea enforce its strict quarantine rules. These defects could have led hackers to a wealth of personal information, including the names, locations, birth dates, genders, nationalities, phone numbers, and medical symptoms of anyone hacked.  

But Korea wasn’t alone. The Times also found that a virus-tracing app in India could leak users’ precise locations. Amnesty International discovered flaws in a Qatari exposure-alert app. Other nations, including Norway and Britain, have also had to revise their virus apps in response to privacy issues. And in the United States, Covidwise, the jointly developed contact tracing app from Google and Apple, is experiencing very slow and hesitant adoption, mainly over concerns about security and relinquishing personal health information.

These concerns have been amplified by human rights groups that have warned that the design of many apps puts millions at risk for stalking, scams, identity theft or oppressive government tracking. The apps could also undermine trust in public health efforts.

However important, personal health is only one area where electronic security issues are currently in the spotlight. Throughout the United States, at every government level, there is obvious concern involving the integrity of election systems. These concerns include the relative ease of hacking into voting machines and credible threats to voter registration systems, election websites, and voter privacy. Administration attacks on the alternative – paper ballots submitted by mail – have only accentuated these fears. And, of course, consumer-facing businesses of every sort have sharply ramped up their online and mobile presence to find ways of meeting customer needs while maintaining social distance.

One predictable result of the rapid expansion of sensitive mobile and remote workplace communications is that the number of qualified cybersecurity professionals who are available to work with developers and monitor for issues after their applications are deployed is simply inadequate. When it comes to data security specialists, there is a serious talent shortage. As a result, the imperative to build and deploy apps quickly frequently results in cutting corners, particularly when those corners involve security. 

Implementing automation, however, can help test mobile apps for security vulnerabilities and fix them when launching in a shorter time frame. And it doesn’t need to take a lot of time. Automated AI-enabled systems produced by several suppliers are helping developers move along at warp speed in developing secure applications without spending an inordinate amount of effort addressing risk analyses or compliance requirements.

Two closely related families of these automated test systems – Dynamic Application Security Testing, or DAST, and its sister, on-demand Mobile Application Security Testing, or MAST – are commercially available. In essence, they analyze static and mobile-optimized websites, configure and conduct vulnerability scans, track the flaws they find, and then report their findings quickly and accurately to guide developers in fixing them.

DAST and MAST automation can close the gap in an era of massive data security issues and a shortage of qualified security professionals.

About the Author: Judy Sunblade, VP, Revenue Growth & Enablement, WhiteHat Security, Inc., an independent, wholly owned subsidiary of NTT LTD
Judy is part of the executive leadership team at WhiteHat Security, leading demand generation, sales development, field & revenue enablement, product marketing, marketing operations, and corporate communications. Judy has over 20 years of experience in technology and security high growth companies driving go-to-market strategies that accelerate sales and close revenue.
