IBM® MobileFirst® Platform Application Scanning helps organizations lower costs and reduce risk exposure by identifying mobile application source code vulnerabilities early in the software development lifecycle, so they can be fixed before deployment. IBM MobileFirst Platform Application Scanning integrates application security testing into your software development lifecycle. It offers enhanced mobile application scanning capabilities and supports testing for mobile applications, including support for JavaScript, HTML5, Cordova, Java and Objective-C. IBM MobileFirst Platform Application Scanning also provides integration with IBM Worklight Studio and the ability to scan Worklight applications.

IBM MobileFirst Platform Application Scanning can enable:

  • Stronger and more complete software security through integration with IBM Security AppScan®.
  • Improved intelligence through integration with existing tools and processes such as application development, build integration and security monitoring.
  • Security best practices through optional management and enforcement of security policies.
  • Governance and compliance assurance that address security requirements and best practices.

Stronger and more complete software security

  • Identifies security vulnerabilities and defects in source code during early stages of the application lifecycle when they are inexpensive to remediate.
  • Builds automated security into development by integrating security source code analysis with automated scanning during the build process.
  • Scans, triages and manages security policies; prioritizes assignment of results to security teams for vulnerability remediation.
  • Delivers fast scans of more than one million lines of code per hour; scans even the most complex enterprise applications.
  • Extends security analysis to Android and Apple iOS mobile applications.

Improved intelligence through integration

  • Integrates with defect tracking systems (DTS), software configuration management and build management tools.
  • Provides increased security intelligence through correlation of static analysis results with dynamic analysis results.
  • Accommodates a broad portfolio of large and complex applications across a wide range of languages.
  • Is built on open architecture to protect your existing investments.

Security best practices

  • Define and enforce consistent policies that can be used throughout the enterprise.
  • Enable enterprise-wide metrics and reporting with a centralized policy and assessment database.
  • Help provide audit and compliance reports that make it easier to understand application-related threat exposures at the executive level.

Governance and compliance assurance

  • Provide visibility into security and compliance risks presented by the identified security issues.
  • Deliver more than 40 security compliance reports, including PCI Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), ISO 27001 and ISO 27002, HIPAA, Gramm–Leach–Bliley Act (GLBA) and Basel II.
  • Focus on mobile application security, including an Open Web Application Security Project (OWASP) Top 10 Mobile Risks report.
  • Support creation of customized reports to align with your organization’s security best practices.