Solar appScreener is a static application code analyzer that identifies vulnerabilities and undocumented features. Its distinctive feature is the ability to analyze not only source code but also executables (binaries), returning much better results than DAST.
The analyzer can test apps written in more than 30 programming languages, or compiled into an executable file with one of nine extensions, including those for Google Android, Apple iOS, and Apple macOS. Mobile app code can be tested simply by pasting the app's Google Play or App Store link into the analyzer, which may be considered full MAST (mobile application security testing).
Detected vulnerabilities and undocumented features are highlighted directly in the analyzed app code, even when found in executables (no debug_info file is needed). Scan results for a project can be compared across revisions, so the changes normally introduced during development are tracked, with the relevant notification sent by email.
Eliminating vulnerabilities and undocumented features requires not only detecting them, but also correctly describing how they can be exploited and how to fix them. Solar appScreener provides detailed advice on eliminating detected vulnerabilities and undocumented features, describes the ways they can be exploited, and recommends how to configure a WAF. Solar appScreener's database of search rules for vulnerabilities and undocumented features is continuously updated by the analyzer's developers as a result of their R&D.
To enable a Secure SDLC, Solar appScreener integrates easily with Git and Subversion repositories and with CI/CD servers such as Jenkins and TeamCity, offering quick analysis of both source and binary code. The solution can also be integrated with the Atlassian Jira issue tracking system to monitor the process of eliminating vulnerabilities and undocumented features. Support for Microsoft Active Directory streamlines Solar appScreener access management when many developers are involved.
For interoperability with other systems and services, the analyzer offers an open API.
Solar appScreener consists of two main parts: an analysis system that processes source and binary code, and a reporting system that provides recommendations on how to address vulnerabilities and undocumented features and how to configure a WAF. Integration with CI/CD and issue tracking systems (e.g. Atlassian Jira) helps teams fix detected vulnerabilities and undocumented features promptly and establish a Secure SDLC.