
Automating mobile app security certification

A partnership between federal agencies has devised a way to speed the expensive and time-consuming security compliance checks required for mobile apps developed or used by federal agencies.

Under a joint pilot program, the Department of Homeland Security’s Science and Technology Directorate and the National Information Assurance Partnership, which is managed by the National Security Agency, demonstrated that the app security certification process can be automated. This can give agencies a way to quickly, affordably and reliably determine if apps meet NIAP’s security standards, or protection profiles (PP), according to a June 29 DHS S&T report on automating NIAP requirements testing for mobile apps.

The pilot set out to determine whether an automated compliance tool could deliver results comparable with the rigorous NIAP-certified testing. Kryptowire LLC, a mobile app security provider, performed an automated analysis of Android and Apple iOS versions of the Intelligent Waves’ Hypori virtual smartphone technology. DHS S&T awarded Hypori a Small Business Innovation Research contract to build prototypes of its virtual mobile infrastructure for government customers evaluating the use of Hypori as a service.

The results were analyzed by Leidos’ Common Criteria Testing Laboratory to determine if Kryptowire’s results were consistent with results expected from a conventional, manual NIAP evaluation.

The pilot was successful, demonstrating that app evaluation time can be condensed from weeks to hours, and showing “that it is indeed possible to automate significant portions of the app software evaluation process, thereby increasing efficiencies, shortening approval times, and reducing costs,” the report said.

“The pilot’s success is significant in that automating these evaluations to deliver accurate and trustworthy results will lower the barrier to entry by reducing the burden needed for NIAP PP Mobile App Vetting certifications,” Mobile Security Program Manager Vincent Sritapan said in a DHS statement. “This increased testing will raise the security posture of the government’s mobile app ecosystem and at the same time raise confidence among app end-users, primarily the tax-paying public.”

Besides improving the NIAP certification process, the pilot demonstrated other potential benefits to automated app vetting:

  • Automated vetting will allow for faster testing and fielding of app updates.
  • Apps can be assessed for basic compliance before a formal NIAP evaluation, reducing risk for agencies, software vendors and end-users.
  • Apps can be accurately vetted without access to source code.
  • Apps can be vetted against updated requirements without undergoing a full recertification.
  • Agencies will be able to reduce risks from commercial software by being able to identify NIAP-compliant apps.

DHS S&T has been partnering with Kryptowire on automated app security for several years, earning a nomination for a GCN innovation award in 2016 for its work on a cloud-based research and development system for assessing risk, analyzing vulnerabilities and archiving mobile applications.

About the Author



Connect with the GCN staff on Twitter @GCNtech.
