Audit your iOS or Android apps for OWASP Mobile Top 10 and other vulnerabilities for free.
Our FREE mobile application security testing service, or MAST (as labeled by Gartner), is a tool that we believe outperforms other similar services (including commercial ones). The tool runs both static (SAST) and dynamic (DAST) testing of your mobile applications to identify any of the OWASP Mobile Top 10 issues.
Mobile App Security Test conducts a holistic scan of any iOS/Android application that you upload. If the application is present in Google Play — just type its name to see test results:
You start with a quick overview of mobile phone functionality requested by the app, such as access to your SMS, microphone or camera:
Just below, you will see all outgoing HTTP/S requests that the mobile app sends immediately after installation on your phone, without any interaction from you. Both features can promptly spot malware, or a legitimate application that requests excessive permissions that may put your privacy at risk:
Modern mobile applications are frequently built from third-party code that may contain various privacy and security risks, making your application vulnerable by inheritance. Mobile App Security Test will show an actionable x-ray image of your code:
Then you arrive at the most important and valuable part of the audit: OWASP Mobile Top 10 vulnerabilities and weaknesses. This comprises all sorts of security flaws, weaknesses and misconfigurations, from hardcoded API keys and unencrypted HTTP communications to more intricate issues, such as missing tap-jacking protection:
Finally, you get a comprehensive list of all external hosts to which the mobile app may connect to send or receive data. This can be very helpful in corporate environments for threat hunting and data leakage prevention:
Conclusion: the best-in-class security tool for every mobile developer and penetration tester.