The first white-box tool to analyze applications without the source code available.
SAST of binary code
Unique decompilation and deobfuscation techniques, combined with sophisticated static analysis algorithms, make it possible to test apps even when no source code or debug info is available (e.g. apps from Google Play or the App Store).
31 programming languages supported
SmartDec Scanner is a world leader in terms of the number of supported languages. This allows for the analysis of a wide range of apps, including those for SAP (ABAP), Salesforce (Apex), etc. The app language is identified automatically.
10+ code analysis methods
To analyze apps, SmartDec Scanner can combine 10+ methods, including data flow analysis and taint analysis, thus maximizing the detection rate of vulnerabilities and undocumented features.
App code analysis results are provided as recommendations on how to fix the vulnerabilities and undocumented features found in the code, and on how to configure a WAF to prevent exploitation of the flaws while the code is being corrected.
Easy integration with SDLC
Plugins are available for CI/CD servers such as Jenkins, Azure DevOps (TFS) and TeamCity; for the Eclipse, Microsoft Visual Studio and Xcode development environments; and for the Atlassian Jira issue tracking system and LDAP servers. They allow SmartDec Scanner to be easily integrated into a development process to ensure a Secure SDLC.
Just a few clicks and your scan is on the way. No setup or configuration is required. Need to analyze the app from Google Play or App Store? Just paste a link and click “Scan”.
No development skills needed
SmartDec Scanner features a user-friendly and intuitive interface and highly automated yet customizable analysis. Therefore, the analyzer can be used by security officers without software development skills.
Few false positives
SmartDec Scanner uses a Fuzzy Logic Engine based on a confidence metric to minimize false positives and false negatives (with regard to both vulnerabilities and undocumented features).
On-premise and SaaS
SmartDec Scanner can be either deployed at a customer site or provided as a cloud-based service, thus enabling the security team to select the optimal solution.
SmartDec Scanner interface meets the latest usability and user experience requirements, analyzes vulnerabilities and undocumented features quickly, displays results clearly and does not require any programming skills.
The SmartDec Scanner GUI targets Information Security Officers as well as developers. The solution offers intuitive user interaction logic and does not require deep technical knowledge to interpret analytical reports. For this reason, SmartDec Scanner features a simple and intuitive interface with fully automated analysis, enabling a user to analyze the app code in just two clicks.
English user interface
In addition to the SmartDec Scanner GUI, a command line and an API are also available.
SmartDec Scanner can detect vulnerabilities and undocumented features in both app source code and binary executables and then provide detailed recommendations for developers and cybersecurity officers. It can be integrated with various IDEs, CI servers, build automation tools and issue tracking systems.
Source code analysis
SmartDec Scanner can analyze source code written in 31 programming languages, including relatively common ones such as Java, Scala, PHP, C#, Swift and Ruby; special-purpose ones such as ABAP, Solidity, Apex and PL/SQL; and even obsolete ones such as Delphi, COBOL and Visual Basic 6.0.
Executable file analysis
Binary code decompilation and deobfuscation technologies enable SmartDec Scanner to analyze executables, including those for Google Android, Apple iOS and Apple macOS. To check a mobile app, just paste a Google Play or App Store link into the analyzer and review the findings on the decompiled source code.
Undocumented feature detection
SmartDec Scanner checks the code against undocumented features. It uses algorithms based on our own continuously updated knowledge base. Undocumented features are detected by their basic structures, such as hard-coded accounts, hidden network activity, time bombs, etc. The presence of such basic structures can point to a more complex backdoor in the app.
Checking legacy and custom software
The binary code deobfuscation and decompilation functionality of SmartDec Scanner enables the detection of vulnerabilities and undocumented features in legacy and custom apps, including those that interact with third-party components used to reduce development time (such as freeware, pre-written code from the Internet, modules and libraries).
Comparing check results
SmartDec Scanner can compare the results of completed checks and generate various diagrams to show when a specific vulnerability or undocumented feature appeared and when it was fixed. The system also accounts for ordinary code edits while tracking vulnerabilities and undocumented features across scans of the same project, making it possible to monitor their remediation.
Along with user-friendly dashboards, SmartDec Scanner offers a flexible PDF report generation system. Reports can be exported according to the vulnerability classifications adopted in PCI DSS, OWASP Top 10 2017, OWASP Mobile Top 10 2016, HIPAA or CWE/SANS Top 25, and flexible configuration of multiple report fields using JSON is also supported.
Developer access control
To improve information security, developers' access to SmartDec Scanner can be segregated with flexible access roles. You can also use the Microsoft Active Directory plugin for smooth integration.
Task tracking systems
Since the basic version of SmartDec Scanner includes integration with Atlassian Jira, you can easily create and track a task in Jira directly from the SmartDec Scanner interface.
Cybersecurity officers need the most detailed information on detected vulnerabilities and undocumented features. SmartDec Scanner provides reports with detailed descriptions of detected vulnerabilities and undocumented features and their methods of exploitation, as well as recommendations on configuring Imperva, ModSecurity or F5 WAFs to prevent exploitation of these defects.
Integration into development process
SmartDec Scanner supports Git repositories; the Eclipse, Xcode and Microsoft Visual Studio IDEs; and the Jenkins, Azure DevOps Server 2019 (previously TFS) and TeamCity CI/CD servers. This allows the user to establish quality control, automate verification of new software builds, reduce time spent and implement a Secure SDLC. An open API provides powerful capabilities for additional integration.
Request a SmartDec Scanner trial account to check your app!