Wednesday, 29 January 2014

Project Proposal Review

My final year project revolves around improving an application security process for a well-known utilities provider. The area they wish me to focus on is mobile application security. The company already has a process/solution in place, but the current solution can't handle the influx of new mobile applications and the continuous scans of numerous patches. The project proposal I submitted outlined my main aims, which were to implement a new solution or process that would reduce workload for the team and enable them to focus on the more key applications. My project proposal was very open-ended because the team was unsure of the path they require me to take.

My project proposal outlined how I would gather data through various interviews and from software that the team currently uses, which I'm also able to operate. The project proposal details various actions I will be taking, such as the analysis of free-to-use vulnerability scanning tools. This action is still a possibility, but there are other possibilities that weren't in the project proposal which the team are still making a decision on.

The main pathways/ideas I could take my project are:
  • To analyse and find trends in the vulnerabilities that the mobile application designers create, and to produce a report on which are the most common areas where these vulnerabilities are found. This would involve using various analysis/data mining tools.
  • To do the same analysis as above but create a document like the .NET and Java coding manual that the developers at this company already use, but for mobile application design.
  • To look at free applications that can be used for mobile security scanning and to compare results with the tool they currently use, then produce a report on whether the team would need to upgrade to the enterprise solution or whether they could provide developers with free software to do preliminary scanning.
  • To use and analyse the in-house application of the tool the team already uses, and to create a user manual for the team/developers to enable them to do base level scanning. A report could also be created analysing the benefits of in-house vs external vulnerability scanning.
  • Or a final idea would be to assist with any major project/change that was coming up and produce any feasibility report.

Any of the projects described above have the opportunity to evolve and grow, and I feel that all of them have the opportunity to get me the grade I'm looking for. During my next one-to-one with my project supervisor we will analyse these ideas and decide which ones are viable. From there I will arrange interviews with the company, gathering feedback from the application security team, developers and project managers.