Appknox Product Onboarding
Welcome
Discover all the capabilities of our platform through our resources. Whether you are new to the dashboard or an existing user, you will find useful information about our product and its services, ranging from a basic introduction to SAST, DAST and API testing to instructions for using advanced features.
The Appknox automated scanner is easy to use and has broad API compatibility, which makes it simple to integrate into the mobile application development cycle and provides complete automation of SAST, DAST, and Application Program Interface (API) testing. This user guide gives an overview of the platform, how you can interact with it, how to interpret the results, and how to administer end-to-end security.
Why Appknox?
Appknox is the world's most powerful plug-and-play SaaS solution to automate your mobile application security and provide real-time detection of vulnerabilities and security risks. We give companies a 360-degree view of security under a single platform, accurately identifying security flaws by thoroughly testing applications against ever-growing risks, vulnerabilities and test cases.
Appknox has been developed so that it can be integrated with any application's systems development life cycle (SDLC), providing early-stage detection and achieving a complete DevSecOps cycle.
Project View and Upload Feature (APK or IPA Upload)
Once you log in to the dashboard, you get the view described below.
All the projects are arranged in a tile view, and each tile has the following details:
File ID: A unique serial number that is auto-assigned by the dashboard and has multiple use cases, such as the compare feature and requesting assistance.
Namespace: The namespace or bundle ID is fetched from the binary itself. Based on the namespace, the scanner groups different uploads and creates new projects.
Platform: This is the second category the scanner uses to differentiate between two files that have the same namespace. The dashboard supports iOS, Android and Windows applications.
Version & Version Code: These details are auto-fetched from the binary and can be used later for comparison and for tracking uploads over time.
To upload an application to the dashboard, click the “Upload App” button, select the app binary (.apk or .ipa), and upload it to the portal.
For every new app that is uploaded, a fresh project tile with a distinct File ID is created.
The user can proceed with testing by clicking anywhere on the project tile. The next screen will look like this (Fig: ), where the scan is divided into 4 different stages: Static, Dynamic, API and Manual.
Invite Other Users to the Appknox Dashboard
Static Application Security Testing (SAST)
Static Application Security Testing (SAST) can be considered as testing an application from the inside out, examining its source code or application binaries for configuration-based issues that point towards a security vulnerability.
As soon as the application is uploaded, the static scan starts and covers all the code-level checks and other test cases. SAST scans an application before the code is compiled. It is also known as white box testing. Static analysis is performed in a non-runtime environment. Typically, a static analysis tool will inspect program code for all possible run-time behaviours and seek out coding flaws, back doors, and potentially malicious code.
We access the manifest files and permission files from the binary. We go through the manifest files by pseudo-running the app (instead of decompiling it). From the collected information, our scanner detects all configurations, SDKs and their minimal version, and performs a security assessment on top of that information.
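To make the manifest and permission review described above concrete, here is an added example (not Appknox's code or checks) that audits a decoded AndroidManifest.xml for a few well-known configuration risks. The sample manifest is constructed, and the `min_sdk_floor` value of 23 is a hypothetical policy threshold.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: a decoded (plain-text) manifest, not taken from any real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.demo">
  <uses-sdk android:minSdkVersion="19" android:targetSdkVersion="33"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application android:debuggable="true" android:allowBackup="true"
               android:usesCleartextTraffic="true">
    <activity android:name=".MainActivity" android:exported="true"/>
    <service android:name=".SyncService" android:exported="true"/>
    <provider android:name=".DataProvider" android:exported="false"/>
  </application>
</manifest>"""

def audit_manifest(xml_text, min_sdk_floor=23):
    """Return (requested permissions, findings) for a decoded manifest."""
    # For manifests from untrusted binaries, parse with defusedxml instead.
    root = ET.fromstring(xml_text)
    findings = []
    perms = [p.get(ANDROID + "name") for p in root.iter("uses-permission")]
    sdk = root.find("uses-sdk")
    min_sdk = int(sdk.get(ANDROID + "minSdkVersion", "1")) if sdk is not None else 1
    if min_sdk < min_sdk_floor:  # hypothetical policy floor
        findings.append(f"minSdkVersion {min_sdk} is below floor {min_sdk_floor}")
    app = root.find("application")
    if app is not None:
        for attr in ("debuggable", "allowBackup", "usesCleartextTraffic"):
            if app.get(ANDROID + attr) == "true":
                findings.append(f"application android:{attr} is true")
        for comp in app:
            exported = comp.get(ANDROID + "exported") == "true"
            # Exported background components with no permission guard are
            # reachable by any other app on the device.
            if comp.tag in ("service", "receiver", "provider") and exported \
                    and not comp.get(ANDROID + "permission"):
                findings.append(f"{comp.tag} {comp.get(ANDROID + 'name')} exported without permission")
    return perms, findings

if __name__ == "__main__":
    perms, findings = audit_manifest(SAMPLE_MANIFEST)
    print("permissions:", perms)
    for finding in findings:
        print("finding:", finding)
```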
Dynamic Application Security Testing (DAST)
A Dynamic Application Security Testing (DAST) analysis is designed to detect conditions indicative of a security vulnerability in an application while it is in its running state. One of the most common and classic attack methods is the Man-in-the-Middle (MiTM) attack.
The Appknox DAST is a fully automated simulation of real-time interactions between users (your team) and our physical Android and iOS devices, which you access via our cloud-based infrastructure. Our system analyzes, detects and catches threatening loopholes and helps businesses plug them and secure their apps against runtime and network attacks like MiTM.
Press Start and select a compatible device from the dropdown list in the popup window. Based on your selection, the app will be installed on a real physical device, and you will have control over it digitally.
Once the app is installed and appears on the phone model on the left of the dashboard, all the user has to do is interact with the app and use all its features and functionalities. The more you crawl, the more feasible it becomes for the scanner to cover all the dynamic-level test cases and find issues.
API Scan
Please select "Enable API Capture" while running the Dynamic Scan.
If this function is enabled, the scanner will detect and capture all the API calls made and API endpoints used during the dynamic scan session. The list of captured APIs will appear under the API scan section and will be used for API testing.
API testing can be considered as testing the server side of an application inside out. Our fully automated scanners perform a complete analysis of web servers, databases and their implementation for all components on the server that interact with your mobile app.
Pressing Start under the API section opens a pop-up that lists all the APIs captured during the dynamic scan. The user can select the appropriate APIs and press “Start API Scan” to initiate the testing. The scan can take 20-50 min to complete, depending on the number of endpoints selected.
Scan Comparison Feature
The compare feature helps you compare two builds of the same app against the list of vulnerabilities and see what has improved in the new build and what still needs to be worked on.
Once you click the “Compare” button, you get a view showing whether any new vulnerability has been added or the list remains the same.
Report Download
Chat Support
We believe that “A website with no live chat is like a store with no sales assistant.”
For instant support, please use the chatbox at the bottom left of the platform; our team is available to assist you at all times. Get a “Messenger”-like view and connect with our team in case of any concerns while interacting with the dashboard.
Analytics and MarketPlace
Analytics:
Market Place:
Updated on: 07/12/2020
Thank you!