The Common Vulnerabilities and Exposures Dilemma in Mobile Application Testing

The publicly accessible CVE database, which identifies, tags, and catalogs known security vulnerabilities, makes it easier for organizations not only to share information but also to prioritize what to remediate in order to reduce risk to their applications.
Unfortunately, the number of CVEs has continued to grow over the past 10 years, as the chart below, based on data from CVE.org, shows.
Granted, not all of these CVEs are specifically relevant to mobile applications, but if even a fraction of them are, this creates a significant problem. This is especially true because, to balance speed with security, development teams use third-party code libraries that have been known to have vulnerability, encryption, and privacy challenges. There is unmistakable evidence that mobile applications are being shipped without thorough testing. A recent example is Perplexity AI, which was found to have ten security issues.
Compounding the challenge of an increasing number of CVEs and the pressure of reduced time to market is the inability of mobile application development teams to build and test securely with true interoperability with the devices they need. This is especially the case for iOS devices, since the shift towards a more secure OS and the inability to jailbreak continue to accelerate. Jailbreaking enables root-level access, so mobile application security and testing teams can reduce the risk of their applications being targeted by malware and assess their vulnerability to specific attack vectors. This testing is particularly critical to reduce the risk of data leakage or data compromise in industries with sensitive data and significant penalties, such as health care and financial services. Ironically, the increasing security of iOS and the accelerated cycle of devices running newer versions of it make it difficult for those building applications to do so securely.
That’s why Corellium’s virtual hardware platform is critical to today’s mobile application development teams. Corellium Viper with MATRIX offers jailbroken virtual iOS devices running any version at the click of a button and automated mobile app security assessments and real-time reporting.
The entire DevSecOps team benefits from continuous scans that highlight data leaks, insecure network communications, and other vulnerabilities during the application development process. MATRIX automates not only common OWASP checks but also many checks for industry compliance, such as HIPAA and PCI, giving testers time to dive deep into the exploits and vulnerabilities that matter most. Detailed evidence and easy-to-understand, exportable reporting make it even easier for DevSecOps teams to share data that affects the security, testing, and compliance of mobile applications.
Ready to learn more? Request a free trial of Viper with MATRIX today.