Benefits

SAST of binary code

Unique fuzzy logic methods used during decompilation, deobfuscation and analysis make it possible to test apps even in the absence of source code (e.g. legacy or custom apps, including Google Android and Apple iOS apps).

33 programming languages supported

Support for many languages allows virtually any app to be analyzed, including those written in ABAP (for SAP), COBOL or Solidity (the language for Ethereum-based smart contracts). The app language is detected automatically. Multi-language apps can also be analyzed. The system also reflects all languages in which the code is written.

10+ code analysis methods

To analyze apps, Solar appScreener can combine 10+ methods, including execution flow analysis and taint analysis, thus maximizing the detection of code vulnerabilities and undocumented features.

Detailed recommendations

App code analysis results are provided as specific recommendations on how to address vulnerabilities and undocumented features, and on how to configure a WAF to block them while the code is being corrected.

Expert-defined search rules

The search rules for vulnerabilities and undocumented features in Solar appScreener are well thought out and up to date. The vulnerability and undocumented feature bases can be updated both manually and automatically.

Quick start

Code scanning can be launched with a few clicks, without lengthy preconfiguration. To analyze Android and iOS apps, simply specify a Google Play or App Store link.

Advanced GUI

The Solar appScreener interface meets the latest usability and user experience requirements, analyzes vulnerabilities and undocumented features quickly, displays results clearly and does not require any programming skills.

No development skills needed

Designed for security officers rather than developers, Solar appScreener features a user-friendly and intuitive interface and highly automated analysis. Therefore, the analyzer can be used by security officers without software development skills.

Wide coverage and fast operation

App SAST is fast and covers almost all possible vulnerabilities and undocumented features. Instead of requiring hours or even days like before, a common app can now be analyzed in just half an hour.

Few false positives

To minimize false positives and false negatives (with regard to both vulnerabilities and undocumented features), Solar appScreener uses the Fuzzy Logic Engine, which leverages our technological know-how.

Easy integration with SDLC

Integration with the Jenkins, Azure DevOps and TeamCity CI/CD servers; the Eclipse, Microsoft Visual Studio and Xcode development environments; the SonarQube platform for continuous inspection of code quality; and the Atlassian Jira issue tracking system allows Solar appScreener to be easily embedded in a development process to ensure a Secure SDLC.

On-premise and SaaS

Solar appScreener can be either deployed at a customer’s site or provided as a cloud-based service, thus enabling the security team to select the optimal solution.
