AUTOMATED MOBILE APP PENTESTING SOLUTION
SM-MSA MOBILE SECURITY ANALYZER
Analysis and discovery of mobile malwares, analysis and discovery of non - identification and anomalies of software through the analysis of suspicious behavior and components. Analysis and identification of dangerous and risk - related permissions.More Information
Static Analysis (SAST)
Dynamic Analysis (DAST)
Mobile Malware Analysis
Malicious / Suspicious Behaviors Analysis
Code structure Checker (None Security Bugs)
OWASP, PCI-DSS & Other Compliance Report
- AUTOMATED MOBILE APP PENTESTING SOLUTION SM-MSA
In static analysis, application is tested from the inside out. It analyzes the source code or binary without executing the application. It does not rely on the runtime environment. It can be used to test code during development, caching vulnerabilities early on. SM-MSA in SAST, Analysis code vulnerabilities, App Manifest Misconfig and vulnerabilities, App Components vulnerabilities Such as Activity or Providers vulnerability and Binary libs, App Permissions, App Certs and etc. SM-MSA doesn't need any source of your App just upload Youre APK/IPA and get the reports.
The focus of DAST is the testing and evaluation of apps via their real-time execution. The main objective of dynamic analysis is finding security vulnerabilities or weak spots in a program while it is running. Dynamic analysis is conducted both at the mobile platform layer and against the back-end services and APIs, where the mobile app's request and response patterns can be analyzed.SM-MSA Dynamic Analyzer checks for security mechanisms that provide sufficient protection against the most prevalent types of attack, such as disclosure of data in transit, authentication and authorization issues, server / API vulnerabilities, File and Network I/O , Crypto and Run time Components Vulnerabilities Whit DYATTACKER Such As exported Component Exploiting , Intent Sniffing / Spoofing , Providers SQLI / LFI , Receivers Sniffing and spoofing , Hooking ,etc.
SM-MSA Scan Your Apps Whit More than 60 Antivirus in it’s Cloud To detect any Malware or Harmful Components. Furthermore, SM-MSA checks if any App Use Malware Evasion Techniques Such As Packer, Dropper, Anti-sandbox techniques, Crypter, Binder and so on.
SM-MSA Check Apps Hardcoded URL / IP for detecting any phishing, Botnet and C&C Servers.
SM-MSA checks Apps For Malicious Behaviors than can’t find whit Malware Analyzer module Such As Record Sound / Video, Read Wifi credentials, Read Sim Card info, Read Contact List, Send SMS, Make Phone Calls, etc Without user Permission.
Many Apps use API to connect to its Backend server for transfer Data and so on. SM-MSA Can Analysis API for Detecting Vulnerabilities Such As cryptography, ServerSide Auth and others based on OWASP Top 10 - 2017.
SM-MSA finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. You can check your app flaw in more than 23 categories.
Get complied with industry standards / best practices like OWASP,MASVS,MSTG, PCI-DSS, SOX, HIPPA, NIST.
SM-MSA Mobile Security Analyzer
- Static Analysis
- Dynamic Analysis
- Mobile Malware Analysis
- API Analysis