zScan

Mobile Application Security Testing (MAST)

zScan Finds Issues Before You Ship

zScan helps mobile app developers identify reputation and financial risks by automatically identifying privacy, security and compliance risks in the development process before apps are released to the public. While traditional code analysis tools assess the quality of a developer’s code overall, zScan’s binary analysis identifies risks an attacker could exploit in the app. Zimperium’s zScan:

  • Documents risks within mobile apps, including hardware-specific usage, insecure API calls, and sensitive data handling;
  • Allows apps to be scanned directly from the build pipeline or uploaded manually to the administrative console as desired; and
  • Enables compliance and security teams to define and customize policies to ensure only the applicable findings are opened.

Seamless SDLC Integration

zScan integrates directly into your development process without requiring your developers to change processes, implement any new code, or log in to a separate system console. Once findings are discovered, zScan opens tickets in ticketing systems (like JIRA, Cloudbees Jenkins and TeamCity) to provide developers with the detailed information and work packages necessary to address the risk. Once fixed, the information is synced back to zScan so security and compliance teams can verify it.

Additionally, zScan’s “Build Compare” capability quickly shows whether risks are trending up or down in each subsequent version. The version comparisons enable organizations to measure compliance progress and to deliver more resilient mobile apps.

Deliver Security and Speed

Zimperium’s zScan helps organizations overcome challenges and consistently produce mobile apps with fewer privacy, security and compliance risks by:

  • Giving you immediate visibility into app risks you would not see with other scanners across privacy and security;
  • Identifying compliance issues for NIAP, GDPR and the OWASP Mobile Top 10; and
  • Reducing cycle times by analyzing inside the build pipeline, inspecting the data, and documenting details in your existing scrum tool.

“Security and risk management leaders must take due care in protecting their application clients to avoid turning a promising software design trend into a security failure.”

– Gartner’s Market Guide for In-App Protection Report (July 3, 2019; Dionisio Zumerle and Manjunath Bhat)

Copyright © 2020 Ameritec All Rights Reserved