Gartner: 75% of apps will fail standard security tests next year

[[119909]]

Beijing time, September 16th morning news, market research firm Gartner predicted that 75% of mobile applications will not pass the most basic security tests next year.

Gartner released a report last Sunday saying that in 2015, most mobile applications in the Android, iOS and Windows Phone ecosystems will not have basic security protocols that can be accepted by enterprises. In the increasingly popular environment of BYOD (bring your own device to work), enterprises will face serious problems. The report pointed out that some mobile applications are conducive to the work of enterprise employees, but lack basic security standards, so not only will the enterprise security policy be at risk, but the enterprise data and network will also become vulnerable to attack.

"Organizations embracing mobile computing and BYOD strategies will face security gaps unless they adopt mobile application security testing and risk assurance methods and techniques," said Dionisio Zumerle, principal research analyst at Gartner. "Most organizations have no experience with mobile application security, and even if application security testing is performed, it is often performed by developers who are most concerned with application functionality rather than security."

He said that existing static application security testing (SAST) and dynamic application security testing (DAST) service providers need to modify and adjust their tests to meet the needs of mobile technology. These two tests have been used for ten years, but mobile applications will bring new challenges due to their diversity and dependence on evolving mobile operating systems. In addition, mobile device security testing based on behavioral analysis is emerging, which can test graphical user interfaces and run background applications to detect malicious or risky behaviors. However, these measures are not enough, and enterprise users should also ensure that servers are continuously tested and protected.

Zumerle said: "More than 90% of enterprises are using third-party business applications to implement mobile BYOD strategies, and the current major application security testing services should be used in this area. Many applications in the app store are indeed useful, but enterprises and individuals should pay attention to their security when using them and only download and use applications that have successfully passed professional application security testing."

Gartner predicts that by 2017, "endpoint" vulnerabilities will be concentrated in tablets and smartphones, and by then "the security features currently provided by mobile devices will not be sufficient to minimize vulnerabilities." The company also predicts that 75% of mobile security vulnerabilities in 2017 will be the result of misconfigured mobile applications.