Source code analysis

Solar appScreener can analyze source code written in 36 programming languages, including common ones such as Java, Scala, PHP, C#, Swift and Ruby, special-purpose ones such as ABAP, Solidity and PL/SQL, and even obsolete ones such as Delphi, COBOL and Visual Basic 6.0.

Executable file analysis

Binary code decompilation and deobfuscation technologies enable Solar appScreener to analyze executables, including those for Google Android, Apple iOS, and Apple macOS. To check a mobile app, a user just needs to copy the relevant Google Play or App Store link into the analyzer to see analysis findings based on the reconstructed source code.

Vulnerability detection

Vulnerabilities are detected using search rules once the Fuzzy Logic Engine completes its analysis and stops running. SCA technology can help reveal vulnerabilities not only in a company’s in-house code, but also in freeware and third-party library components.

Undocumented feature detection

Solar appScreener has algorithms that automatically search for undocumented features. These algorithms are based on our own continuously updated knowledge base. Undocumented features are detected by their basic structures, such as hard-coded accounts, hidden network activity, time bombs, etc. The presence of such basic structures may point to a more complex backdoor in the app.

Checking legacy and custom software

The binary code deobfuscation and decompilation functionality of Solar appScreener enables the detection of vulnerabilities and undocumented features in legacy and custom apps, including those interacting with third-party components used to reduce development time (such as freeware, pre-written code from the Internet, modules, and libraries).

Comparing check results

Solar appScreener can compare the results of completed checks and generate various diagrams that clearly show how vulnerabilities or undocumented features emerge and are eliminated, including a breakdown by project group. In addition, the system takes into account typical changes made while writing code and keeps monitoring vulnerabilities or undocumented features within the same project, making it possible to control their elimination.

Report export

Along with the user-friendly dashboards, Solar appScreener offers a flexible PDF report generation system. Reports are generated automatically, with their content configured by the user. Reports can be exported according to the vulnerability classifications adopted in PCI DSS, OWASP Top 10 2017, OWASP Mobile Top 10 2016, HIPAA or CWE/SANS Top 25, and flexible configuration of multiple report fields using JSON/CSV is also supported.

Developer access control

To improve information security, developers’ access to Solar appScreener can be segregated. Also, support for Microsoft Active Directory streamlines access management in the case of multiple developers.

Preparing recommendations

For software developers

Developers are keen to deliver projects promptly and with minimum corrections. Solar appScreener reports contain detailed descriptions of vulnerabilities and undocumented features, links to vulnerable parts in the app code, and recommendations on correcting the code to eliminate the vulnerability.

For cybersecurity officers

Cybersecurity officers need the most detailed information on detected vulnerabilities and undocumented features. Solar appScreener provides reports with detailed descriptions of detected vulnerabilities, undocumented features, and their methods of exploitation, as well as recommendations on configuring Imperva, ModSecurity or F5 WAFs.

Issue tracking systems

Since the basic version of Solar appScreener includes integration with Atlassian Jira, vulnerability elimination tasks can be created in Jira and their progress tracked directly from the Solar appScreener interface. In addition, any other issue tracking system can also be supported.

Integration into development process

Solar appScreener supports

Thus allowing the user to establish quality control, automate new software build verification, reduce time spent, and implement Secure SDLC. An open API provides powerful capabilities for additional integration. To improve cybersecurity, developers are granted different access rights.
