Appknox Static Application Security Testing

What is SAST?
Static Application Security Testing (SAST) can be considered as testing an application from the inside out: its source code or application binaries are examined for configuration-based issues that point towards a security vulnerability.
How we stand out?
36 different test cases
Our tests cover industry security compliances like OWASP Top 10, PCI-DSS, HIPAA and other commonly exploited basic security threat parameters. Your report is then generated with threat details listed by high, medium and low severity, with zero false positives.
Perform multiple scans simultaneously
Appknox's architecture is built using multiple 'task-workers'. Each worker runs on a different machine, so multiple applications are scanned in parallel. This means that as a business you can perform multiple scans simultaneously without any interruption on the Appknox dashboard.
Assess your app even during development
  • The CI integration feature lets you assess your app even during development or before it’s published on any application store.
  • Our SAST analysis supports the three major platforms - iOS, Android and Windows.
It’s Easy to Scale up with Appknox
  • Scale without incurring absurd costs on dedicated security resources or additional headcount.
  • Flexibility for all team sizes.
  • Quick feedback through SAST to include in your development cycle.
SAST workflow
1. Copy and paste your app’s URL or upload your application binary to initiate the scan
2. Get your static testing results overview in under 10 mins on your dashboard
3. Download your detailed security report in PDF

Appknox Dynamic Application Security Testing

What is DAST?
A Dynamic Application Security Testing (DAST) analysis is designed to detect conditions indicative of a security vulnerability in an application while it is in its running state. One of the most common and classic attack methods is the man-in-the-middle (MiTM) attack.
The Appknox DAST is a fully automated simulation of real-time interactions between users (your team) and our physical Android and iOS devices accessed by you via our cloud-based infrastructure. Our system analyzes, detects and catches loopholes that are threatening in nature and helps businesses plug and secure them from runtime and network attacks like MiTM.
Difference between SAST & DAST
Unlike the SAST analysis, Appknox DAST works by running your uploaded application binary on our cloud-hosted devices. Your app is simply uploaded and put in a test environment where actual attacks are carried out during this simulation to detect advanced vulnerabilities.
The Appknox DAST runs on the same platform as the Appknox SAST, giving businesses the option to scan their apps with either analysis individually or with both together, for an integrated view of all threats detected.
Faster, Better!
We’ve also implemented a state-of-the-art device-farm consisting of multiple Android and iOS devices which gives you more stability, faster scans and a boost to your overall testing experience.
How Appknox DAST works?
1. After you initiate a dynamic scan on your dashboard, your app is installed onto one of our devices.
2. Your team acts as a user and performs actions like a user would. Our system simultaneously performs several attacks while your app is interacting with our device.
3. Generate a detailed report from the Appknox dashboard and request a remediation call to fix vulnerabilities detected (optional).

Appknox Application Program Interface (API) Testing

What is APIT?
API testing can be considered as testing the server side of an application inside out. Our fully automated scanners perform a complete analysis of web servers, databases and their implementation for all components on the server that interact with your mobile app.
Difference between { SAST - DAST } and API Testing.
SAST & DAST primarily consist of client-side and transport layer testing. With API testing, however, we ensure complete testing of the server side with multiple commonly exploited test cases. This scan helps developers test for API-level security vulnerabilities in mobile apps.
The Appknox API Scan runs in parallel to the Dynamic scan. It captures APIs at requested endpoints and performs upwards of 15 test cases on each of those APIs.
How Appknox API Scan works?
To initiate an API Scan, all you need is the endpoints (domain) of your server. Once you enter them, our scanner attempts to break into your server to discover vulnerabilities. There are 50+ test cases categorized into 9 distinct groups that are continuously tested. Our system analyzes, detects and catches loopholes that are threatening in nature and helps businesses plug and secure them from any attack from the outside. You can enter multiple endpoints and scan them in one go.
Automated Server Side Testing!
Appknox API Testing enables companies to run completely automated security testing at lightning speed, completing in a matter of minutes. Appknox covers all APIs that are being called, thus covering 360° of mobile app security.
Get all the security testing needs for your mobile app done on a single platform. Appknox helps you secure your app with a holistic approach using SAST, DAST, APIT, and MAST.

Appknox Manual Application Security Testing

What is MAST?
Countries around the world regularly perform a military activity called Red Teaming. The Red Team, comprising their greatest minds, uses publicly available information and strategically makes plans to exploit any loopholes in the defense and security strategy. MAST stands for Manual Application Security Testing, where Appknox acts as your Red Team.
Consider Appknox as your personal Red Team for mobile app security.
Although our automated systems have been built over years of extensive research and have proven to detect and help neutralize over 100,000 threats, we believe that nothing is as intelligent as the human mind.
At Appknox, we’re proud to have put together some of the brightest minds from the industry who have detected threats in applications like Facebook, Skype, Walmart, Snapchat and many more.
What do our in-house hackers do?
Our security researchers typically follow a defined, tried and tested process to break down apps and detect threats. Here’s an overview of that process:
  • Identification of technology stack
  • Analyzing threat landscape
  • Setting up breakpoints on critical functionalities
  • Testing responses and detecting bugs
  • Performing exploits for advanced threat detection
How Appknox MAST works?
1. Once you have initiated the manual scan from your dashboard, our security researchers are notified and your scan gets initiated.
2. Our researchers typically take 3-5 days to finish their process of scanning your app.
3. Once your manual assessment is completed, our security researchers upload your app’s detailed report and send you an email notification.
95% of e-commerce mobile apps on the PlayStore fail basic security testing.
- Appknox E-commerce Global Security Threat Report.
Try Appknox for your App