IBM development package can boost mobile app security

Applications are the Achilles’ heel of government mobile device programs. They are a vital and growing component of agencies’ future IT use, but they also present a number of attack vectors into government networks.

IBM is offering a more baked-in approach to mobile app security, with the release of a software portfolio that can help organizations building applications integrate mobile security testing across an application’s life cycle.

The AppScan system lets organizations test their own Android applications, IBM officials said. Previously, to test the security of mobile applications, organizations usually had to send their applications and software intellectual property to an off-site vendor to test for vulnerabilities.

This process does not scale and is too slow to keep pace with the revisions and updates that mobile applications constantly undergo. Organizations need to set up in-house mobile application security testing early in the software development life cycle, IBM officials said.

Besides testing mobile applications, the IBM portfolio offers a number of other capabilities:

  • Integration with IBM's QRadar Security Intelligence Platform for increased security intelligence when an application moves into production. QRadar automatically raises or lowers the priority score of security incidents by correlating known application vulnerabilities with user and network activity.
  • A new cross-site scripting (XSS) analyzer that can quickly evaluate millions of potential tests from fewer than 20 core tests, allowing it to find more XSS vulnerabilities faster than previous versions of AppScan.
  • New analysis capabilities that let organizations adopt broad application security practices through simplified application loading and faster testing for non-security specialists.
  • Predefined and customizable templates that give development teams the ability to quickly focus on a rule set prioritized by their security teams, helping agencies focus on key organizationwide issues.

AppScan also integrates with IBM Security Network IPS and IBM Security SiteProtector and is sold as a regular component of IBM Guardium and IBM Security Access Management systems for end-to-end application security.

IBM Security AppScan is scheduled to be available this quarter.

