Appknox Static Application Security Testing
What is SAST?
Static Application Security Testing (SAST) can be considered as testing an application from the inside out: it examines the application's source code or binaries for issues, based on configuration, that point towards a security vulnerability.
How do we stand out?
36 different test cases
Our tests cover industry security compliance standards like OWASP Top 10, PCI-DSS and HIPAA, and other commonly exploited basic security threat parameters. Your report is then generated with threat details listed by high, medium and low severity, with zero false positives.
Perform multiple scans simultaneously
Appknox's architecture is built using multiple 'task-workers'. Each worker runs on a different machine, so multiple applications are scanned in parallel. This means that as a business you can perform multiple scans simultaneously without any interruption on the Appknox dashboard.
Assess your app even during development
- The CI integration feature lets you assess your app even during development or before it’s published on any application store.
- Our SAST analysis supports the three major platforms - iOS, Android and Windows.
It’s Easy to Scale up with Appknox
- Scale without incurring absurd costs on dedicated security resources or additional headcount.
- Flexibility for all team sizes.
- Quick feedback through SAST to include in your development cycle.
1. Copy and paste your app’s URL or upload your application binary to initiate the scan
2. Get your static testing results overview in under 10 mins on your dashboard
3. Download your detailed security report in PDF
Appknox Dynamic Application Security Testing
What is DAST?
A Dynamic Application Security Testing (DAST) analysis is generally designed to detect conditions indicative of a security vulnerability in an application while it is running. One of the most common and classic attack methods is the Man in the Middle (MiTM) attack.
The Appknox DAST is a fully automated simulation of real-time interactions between users (your team) and our physical Android and iOS devices accessed by you via our cloud-based infrastructure. Our system analyzes, detects and catches loopholes that are threatening in nature and helps businesses plug and secure them from runtime and network attacks like MiTM.
Difference between SAST & DAST
Unlike the SAST analysis, Appknox DAST works by running your uploaded application binary on our cloud-hosted devices. Your app is simply uploaded and put in a test environment where actual attacks are carried out during this simulation to detect advanced vulnerabilities.
The Appknox DAST runs on the same platform as the Appknox SAST, giving businesses the option to scan their apps with either analysis individually or with both together, for an integrated view of all threats detected.
Faster, Better!
We’ve also implemented a state-of-the-art device-farm consisting of multiple Android and iOS devices which gives you more stability, faster scans and a boost to your overall testing experience.
How does Appknox DAST work?
1. After you initiate a dynamic scan on your dashboard, your app is installed onto one of our devices.
2. Your team acts as a user and performs actions like a user would. Our system simultaneously performs several attacks while your app is interacting with our device.
3. Generate a detailed report from the Appknox dashboard and request a remediation call to fix vulnerabilities detected (optional).
Appknox Manual Application Security Testing
What is MAST?
Countries around the world regularly perform a military activity called Red Teaming. The Red Team, composed of their greatest minds, uses publicly available information and strategically makes plans to exploit any loopholes in the defense and security strategy. MAST stands for Manual Application Security Testing, where Appknox acts as your Red Team.
Consider Appknox as your personal Red Team for mobile app security.
Although our automated systems have been built over years of extensive research and have proven to detect and help neutralize over 100,000 threats, we believe that nothing is as intelligent as the human mind.
At Appknox, we’re proud to have put together some of the brightest minds from the industry who have detected threats in applications like Facebook, Skype, Walmart, Snapchat and many more.
What do our in-house hackers do?
Our security researchers typically follow a defined, tried and tested process to break down apps and detect threats. Here’s an overview of that process:
- Identification of technology stack
- Analyzing threat landscape
- Setting up breakpoints on critical functionalities
- Testing responses and detecting bugs
- Performing exploits for advanced threat detection
How does Appknox MAST work?
1. Once you have initiated the manual scan from your dashboard, our security researchers are notified and your scan gets initiated.
2. Our researchers typically take 3-5 days to finish their process of scanning your app.
3. Once your manual assessment is completed, our security researchers upload your app’s detailed report and send you an email notification.