Mobile Application Security Testing (MAST)
zScan Finds Issues Before You Ship
zScan helps mobile app developers identify reputation and financial risks by automatically identifying privacy, security and compliance risks in the development process before apps are released to the public. While traditional code analysis tools assess the quality of a developer’s code overall, zScan’s binary analysis identifies risks an attacker could exploit in the app. Zimperium's zScan:
- Documents risks within mobile apps including hardware specific usage, insecure API calls, and sensitive data handling;
- Allows apps scanning directly from the build pipeline or manually uploaded as desired to the adminstrative console; and
- Enables compliance and security teams to define and customize policies to ensure only the applicable findings are opened.
"With zScan, we are detecting security vulnerabilities before release - in hours rather than weeks - and then automatically provide our third party developer with a list of fixes."
- Application Security Manager, Global Banking Company
Seamless SDLC Integration
zScan integrates directly into your development process without requiring your developers to change processes, implement any new code, or have to log into a separate system console. Once findings are discovered, zScan opens tickets in ticketing systems (like Jira, Cloudbees Jenkins and TeamCity) to provide developers with detailed information and work packages necessary to address the risk. Once fixed, the information is synced back to zScan so security and compliance teams can verify it.
Additionally, zScan’s “Build Compare” capability quickly shows whether risks are trending up or down in each subsequent version. The version comparisons enable organizations to measure compliance progress and to deliver more resilient mobile apps.
Deliver Security and Speed
- Giving you immediate visibility into app risks you would not see with other scanners across privacy and security;
- Identifying compliance issues for NIAP, GDPR and the OWASP Mobile Top 10; and
- Reducing cycle times by analyzing inside the build pipeline, inspecting the data, and documenting details in your existing scrum tool.
“Security and risk management leaders must take due care in protecting their application clients to avoid turning a promising software design trend into a security failure.”
- Gartner’s Market Guide for In-App Protection Report (July 3, 2019; Dionisio Zumerle and Manjunath Bhat)