AppDNA Application Security Analysis
In today’s security-conscious world, it is crucial that IT administrators ensure that the applications in their portfolio are hardened against common software threats and vulnerabilities. While many tools and services exist for this, they commonly require significant time, cost and a high level of expertise to operate.
Recently released as part of Citrix AppDNA 7.9 is a new Compliance Manager reporting module. This module, as the name suggests, assesses your application portfolio for security and compliance, outputting a standard AppDNA report. The report provides valuable insight into the applications you are planning to deploy into your IT infrastructure, detailing any security risks they may introduce. Initially, 12 algorithm checks are included as part of the AppDNA Security module, although Citrix plan on increasing the number of algorithms in the future.
The current algorithms included as part of the initial release have been categorised into three main groups:
- Outdated Versions of Runtime or Compiler. Assesses security and compliance issues caused by outdated compilers or runtimes.
- Deprecated Products. Assesses applications which reference components that have been deprecated due to security vulnerabilities.
- Best Practice Violations. This algorithm group detects applications that violate some established best practices. These issues, although not critical, should be resolved.
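As an added illustration of the kind of check the first group performs, the Python below reads the COFF and optional-header fields of a Windows PE executable and flags binaries produced by a linker older than an assumed policy minimum. It is example code written for this newsfeed, not AppDNA's own algorithm (the page does not describe how AppDNA's checks are implemented); the policy threshold `MINIMUM_LINKER`, the function names and the minimal sample PE image built by `build_sample_pe` are all constructed for the example.

```python
"""Illustrative 'outdated compiler' check over a PE executable's headers (example only)."""
import struct
from dataclasses import dataclass

# Assumed policy: flag anything linked by a toolset older than MSVC 14.0 (Visual Studio 2015).
MINIMUM_LINKER = (14, 0)

# Major linker version -> Visual Studio toolset, for readable report output.
TOOLSET_BY_MAJOR = {
    6: "Visual C++ 6.0", 7: "Visual Studio 2002/2003", 8: "Visual Studio 2005",
    9: "Visual Studio 2008", 10: "Visual Studio 2010", 11: "Visual Studio 2012",
    12: "Visual Studio 2013", 14: "Visual Studio 2015 or later",
}


@dataclass
class PeBuildInfo:
    machine: int       # IMAGE_FILE_MACHINE_* value from the COFF header
    timestamp: int     # COFF TimeDateStamp; newer MSVC reproducible builds may store a hash here, not a time
    linker_major: int
    linker_minor: int
    pe32_plus: bool    # True for 64-bit images (optional header magic 0x20B)


def parse_pe_build_info(data: bytes) -> PeBuildInfo:
    """Walk MZ header -> PE signature -> COFF header -> optional header and pull the build fields."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    machine, _nsections, timestamp, _symtab, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    if opt_size < 4:
        raise ValueError("optional header too small to carry a linker version")
    opt = coff + 20  # COFF header is a fixed 20 bytes
    magic, major, minor = struct.unpack_from("<HBB", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unexpected optional header magic 0x{magic:x}")
    return PeBuildInfo(machine, timestamp, major, minor, magic == 0x20B)


def assess_compiler_age(data: bytes) -> dict:
    """Return a small finding record in the spirit of a per-application issue row."""
    info = parse_pe_build_info(data)
    version = (info.linker_major, info.linker_minor)
    toolset = TOOLSET_BY_MAJOR.get(info.linker_major, f"unknown (linker {version[0]}.{version[1]})")
    return {
        "linker_version": f"{version[0]}.{version[1]}",
        "toolset": toolset,
        "outdated": version < MINIMUM_LINKER,
        "pe32_plus": info.pe32_plus,
    }


def build_sample_pe(linker_major: int, linker_minor: int, timestamp: int = 0) -> bytes:
    """Constructed minimal PE image (headers only, no sections) for exercising the parser offline."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)                # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x014C, 0, timestamp, 0, 0, 224, 0x0102)  # i386, 224-byte PE32 opt header
    opt = struct.pack("<HBB", 0x10B, linker_major, linker_minor) + b"\0" * (224 - 4)
    return dos + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    for major, minor in ((9, 0), (14, 29)):
        print(assess_compiler_age(build_sample_pe(major, minor)))
```

Run against real binaries by passing the file's bytes to `assess_compiler_age`; the linker version only tells you which toolset produced the image, so a full check of the kind AppDNA describes would also need to look at the runtime the application depends on.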
Details on each of the algorithm checks can be found in the Citrix blog titled Automated Security Analysis with Citrix AppDNA, which we recommend reading for additional information.
Once AppDNA has assessed the application portfolio, reports are delivered via the standard AppDNA Application Issues, Application Actions, Issue Views and Action Views, and can be drilled down further into individual applications. Below is an example of an Issue View report detailing the various issues that have been flagged within our lab environment. It’s also important to note that AppDNA includes the ability to automatically fix or ‘shim’ applications in certain circumstances (algorithm SEC_BP_003 – line #9).
With this new feature, and the AppDNA Patch Impact Analysis feature detailed in our previous AppDNA newsfeed, we believe that this is the start of the transition of this product away from a simple application compatibility tool, to more of an application platform for ongoing day-to-day BAU activities.
We welcome this new addition to the AppDNA product, and while it may not flag all potential application security concerns in the initial release, we look forward to seeing any additions that Citrix make in this space.