dcsimg

Find an IT Download

Vetting the Security of Mobile Applications

The purpose of this document is to help organizations understand the process for vetting the security of mobile applications, plan for the implementation of an app vetting process, develop app security requirements, and understand the types of app vulnerabilities and the testing methods used to detect those vulnerabilities.


1.04 KB | 3 files | null PDF

Recently, organizations have begun to deploy mobile applications (or apps) to facilitate their business processes. Such apps have increased productivity by providing an unprecedented level of connectivity between employees, vendors, and customers, real-time information sharing, unrestricted mobility, and improved functionality. Despite the benefits of mobile apps, however, the use of apps can potentially lead to serious security issues. This is so because, like traditional enterprise applications, apps may contain software vulnerabilities that are susceptible to attack. Such vulnerabilities may be exploited by an attacker to gain unauthorized access to an organization's information technology resources or the user's personal data.

To help mitigate the risks associated with app vulnerabilities, organizations should develop security requirements that specify, for example, how data used by an app should be secured, the environment in which an app will be deployed, and the acceptable level of risk for an app. To help ensure that an app conforms to such requirements, a process for evaluating the security of apps should be performed. NIST refers to this process as an app vetting process. An app vetting process is a sequence of activities that aims to determine if an app conforms to an organization's security requirements. An app vetting process comprises two main activities: app testing and app approval/rejection. The app testing activity involves the testing of an app for software vulnerabilities by services, tools, and humans to derive vulnerability reports and risk assessments. The app approval/rejection activity involves the evaluation of these reports and risk assessments, along with additional criteria, to determine the app's conformance with organizational security requirements and ultimately, the approval or rejection of the app for deployment on the organization's mobile devices.

The purpose of this document is to help organizations understand the process for vetting the security of mobile applications, plan for the implementation of an app vetting process, develop app security requirements, understand the types of app vulnerabilities and the testing methods used to detect those vulnerabilities, and determine if an app is acceptable for deployment on the organization's mobile devices.

The attached zip file includes:

  • Intro Page.pdf
  • Terms and Conditions.pdf
  • Vetting Security Mobile Apps.pdf

Related IT DOWNLOADS

Recent IT Downloads
Building a GRC Program: Assessing Stakeholder Needs and Readiness

This table outlines the top needs of each stakeholder group that can help guide your conversat...Read More

Recent IT Downloads
Guide to Cyber Threat Information Sharing

This publication provides guidelines for establishing and participating in cyber threat inform...Read More

Recent IT Downloads
Colocation Checklist

This checklist will help make sure you ask the important questions that will affect your coloc...Read More

Recent IT Downloads
Trustworthy Email

This document provides recommendations and guidelines for enhancing trust in email, including ...Read More