June 2018

  • New backend scanning engine with beta support for SQL injection and XXE
  • Adding beta support for crawling of HTML content.

May 2018

  • Bumping free scanner coverage limit from 100 to 300.
  • New detector for encrypted IPA.
  • Fix false positive in dynamic rules detecting weak encryption.

April 2018

  • Porting LLDB for iOS to work on Linux.
  • New backend scan engine.
  • New experimental crawler.

February 2018

  • Adding Support for authenticated scan.
  • Final version of Java hook engine with stack trace support and full context inspection.
  • Major enhancement to the taint engine reducing false positives.
  • Multiple bug fixes affecting PDF generation and false positive declaration.
  • Adding feature to report false positives and remove them from the final report.
  • Multiple new dynamic rules to trace sensitive function call.
  • New agent to detect sensitive material files, like private encryption keys.

January 2018

  • Surface static taint analysis coverage in the scan report.

December 2017

  • Unsafe Transport App Security settings in iOS apps are reported as vulnerabilities.
  • Performance enhancement for the support of large multidex files.
  • Bug fix in method xref for multidex files.
  • Enhance vulnerability de-duplication.
  • Multiple bug fixes for iOS scan rules.

November 2017

  • Advanced option to detect weak files permission for both Android and iOS. (OWASP Mobile Top 10 - M2)
  • Advanced option to detect Personal Identifiable Information (PII) leakage for both Android and iOS. (OWASP Mobile Top 10 - M2)
  • Advanced option to detect clear-text traffic for both Android and iOS. (OWASP Mobile Top 10 - M3)
  • Advanced option to detect insecure TLS/SSL validation for both Android and iOS. (OWASP Mobile Top 10 - M3)
  • Advanced option to support iOS call to weak Cryptographic API. (OWASP Mobile Top 10 - M5)
  • Advanced option to support download PDF report.

September 2017

  • Stabilizing unlimited scan feature with bug fixes.
  • Correction of false positives in Insecure Encryption Mode.
  • Correction of false positives in ASLR detection for iOS Apps.
  • Move to a clustered architecture to support increase scan load.
  • Final version to support dedicated unlimited scans.

August 2017

  • New feature to support dedicated scans.
  • Tweaks and updates to the user interface to support fast uploading.

July 2017

  • New backend system to support the increased load.
  • Major code refactoring of all agents to support the new backend system.
  • Multiple bug fixes.

June 2017

  • New static taint engine for Android Bytecode.
  • Multiple bug fixes and performance tweaks.