We’ve recently worked with several clients in the process of building mobile apps for their organizations. As with desktop, IoT, cloud, and browser-based apps, it is critical to secure our mobile apps before deploying them to production environments. The Kiuwan platform helps us shift security left and identify and fix issues well before it’s time to release to the Play Store.
Code scans are initiated by running the Kiuwan Local Analyzer (KLA) in your development environment, build server, or CI/CD pipeline.
After scanning with the KLA, results are displayed in the Kiuwan portal, along with all the details needed to fix each vulnerability. The security issues uncovered can include information leaks, security misconfigurations, design errors, injection vulnerabilities, and others.
Vulnerabilities may be specific to the language or to the framework itself, in this case Android.
While Kiuwan SAST focuses on vulnerabilities within our app’s source code, Kiuwan’s Software Composition Analysis identifies threats coming from third-party dependencies.
We could remediate each issue one by one, but Kiuwan’s Action Plans help us prioritize security work efficiently within the time available. For example, if there are just 5 hours within a sprint to devote to app security, Kiuwan will identify the highest-priority issues we can remediate within that time frame.
Overall, Kiuwan enables us to identify, prioritize, and fix security issues before releasing an Android app to the Play Store or elsewhere. This saves time, effort, and energy, and continually improves the security of our app as part of any existing development process.