HOW Zimperium HELPS
Mobile Application Security Testing (MAST)
Zimperium’s zScan helps organizations overcome challenges and consistently produce mobile apps with fewer privacy, security and compliance risks by:
- Giving you immediate visibility into privacy and security risks in your apps that you would not see with other scanners;
- Identifying compliance issues for NIAP, GDPR and the OWASP Mobile Top 10; and
- Reducing cycle times by analyzing inside the build pipeline, inspecting the data, and documenting details in your existing scrum tool.
zScan Finds Issues Before You Ship
zScan helps mobile app developers identify reputation and financial risks by automatically identifying privacy, security and compliance risks in the development process before apps are released to the public. While traditional code analysis tools assess the quality of a developer’s code overall, zScan’s binary analysis identifies risks an attacker could exploit in the app. Zimperium’s zScan:
- Documents risks within mobile apps, including hardware-specific usage, insecure API calls, and sensitive data handling;
- Allows apps to be scanned directly from the build pipeline or uploaded manually to the administrative console, as desired; and
- Enables compliance and security teams to define and customize policies to ensure only the applicable findings are opened.
Seamless SDLC Integration
zScan integrates directly into your development process without requiring your developers to change processes, implement any new code, or log into a separate system console. Once findings are discovered, zScan opens tickets in ticketing systems (like Jira, CloudBees Jenkins and TeamCity) to provide developers with the detailed information and work packages necessary to address the risk. Once a finding is fixed, the information is synced back to zScan so security and compliance teams can verify it.