Analysis & Assessment

The following types of analysis are performed to assess the security of the application and its backend:


Static Analysis

Ostorlab performs analysis of the binary to identify security weaknesses. The security scanner performs analysis on the Dalvik Bytecode for Android and ARM assembly instructions for both Android and iOS.

Dynamic Analysis

Ostorlab executes the mobile application and monitors its interactions with the filesystem, network and APIs to detect any vulnerable behavior.

Behavioral Analysis

Ostorlab performs guided fuzzing to detect malicious inputs that can exploit a vulnerability in the mobile application and backend servers.

Supported Platforms

Ostorlab Mobile Security Scanner supports the following platforms and frameworks:


Platform Static Analysis Dynamic Analysis Behavioral Analysis Backend Analysis
Android Native
iOS Native
Apache Cordova
Ionic
Xamarin
React Native
Adobe PhoneGap
Framework7
Apache Weex
NativeScript
Flutter
Jasonette

Security Report

The scan report contains technical descriptions of identified vulnerabilities and fix recommendations.

Summary view

This view provides relevant information about the application, the scan and the vulnerabilities identified.

Technical Indicators

The report measures a global risk barometer and the scan code coverage percentage.

Vulnerabilities details

The vulnerability details contain the following sections:

  • Description: Detailed description of the vulnerability
  • Recommendation: Best practices and fixes to apply to avoid this vulnerability
  • References: Links to CWE, CVE and OWASP references
  • Technical details: The code snippet used to identify the vulnerability in the application