Through 2015, more than 75 percent of mobile applications will fail basic security tests, according to research firm Gartner Inc. Workers download from app stores and use mobile applications that can access enterprise assets or perform business functions, and these apps have little or no security assurances, the firm says. They’re exposed to attacks and violations of corporate security policies.
“Enterprises that embrace mobile computing and bring-your-own-device strategies are vulnerable to security breaches unless they adopt methods and technologies for mobile application security testing and risk assurance,” Dionisio Zumerle, principal research analyst at Gartner, said in a statement. “Most enterprises are inexperienced in mobile application security. Even when application security testing is undertaken, it is often done casually by developers who are mostly concerned with the functionality of applications, not their security.”
Existing static application security testing and dynamic application security testing vendors will modify and adjust these technologies to address mobile application cases and meet mobile application security testing challenges, Gartner says. Although SAST and DAST have been used for several years and have become “reasonably mature,” mobile testing is a new area for these technologies, the firm says.
In addition to SAST and DAST, a new kind of test called behavioral analysis is emerging for mobile applications, the report says. The technology monitors a running application to detect malicious and risky behavior exhibited by an application.
