Mobile

NIST shares tool for vetting mobile apps

The National Institute of Standards and Technology has launched a web-based application for developers to assess their self-created mobile apps for risk and hosting requirement conformity. The app, called AppVet, is free to use and is designed to be accessed through a browser. 

While NIST does not host or run AppVet for public use -- "NIST does not accredit or approve apps," the project's FAQ flatly states -- the tool can be downloaded and run by any interested organization.

“AppVet is a simple web-based application for vetting mobile apps,” according to NIST. “It facilitates the app vetting workflow by providing an intuitive user interface for submitting and testing apps, accessing reports, and assessing risk.”

The process begins when someone submits an app, which is analyzed by extracting its metadata. Once analyzed, additional functionality can be provided according to the requirements of the hosting organization. The app and its information are then sent to other tools for assessment and an overall report is generated.

It was designed for developers, analysts and app stores and can be easily integrated with third-party tools, such as static and dynamic analyzers, anti-virus scanners and vulnerability repositories. And the risk assessment that it generates is ultimately determined by those third-party components.  Users are strongly urged to use a standardized approach such as the Common Vulnerability Scoring System to make risk assessments.

About the Author

Reid Davenport is a former FCW editorial fellow. Connect with him on Twitter: @ReidDavenport.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.