Please let us know if Qualys can perform vulnerability scan on Anroid and Iphone?
frmo what i know, there is nothing specific for Android or iOS.
From what I know, Qualys VM doesn't support Android but they do have a framework that you can use to assess the security of your android devices. It's called ASEF (Android Security Evaluation Framework).
You can read more about it here: https://community.qualys.com/servlet/JiveServlet/downloadBody/3675-102-3-6580/ASEF-Blog(4).pdf
And here is the link to download it: http://code.google.com/p/asef/downloads/list
Unless I missed something, my only problem with this framework is that it's limited to the scan of Android apps; and thus you cannot check for vulnerabilities related to the OS system variables, registry keys, and system configurations as we have in Qualys trusted scan.
Hope it helps
ASEF's core functionality is to perform behavior analysis of user-installed applications. As a secondary feature, a vulnerability scanning module was also provided to give an ability to user to track known security flaws in the wild. ASEF vulnerability scans are performed at the installed application layer on Android OS. It tries to find the known security flaws in user installed apps using 50+ signatures (https://code.google.com/p/asef/source/browse/vuln2.txt) transcribed from 'http://web.nvd.nist.gov/view/vuln/search-results?query=android&search_type=all&cves=on'. More signatures can be added.
It would be also possible to extend the functionality of this framework to check for vulnerabilities related to the OS system variables and system configurations, and make this available as a part of this open source project for the community to use.
Retrieving data ...