SmartDec Scanner On Prem

SmartDec Scanner is a next-generation software for application security testing.

Our convenient interface requires just a couple of clicks, making the entire process effortless to deploy. The choice of algorithms and settings on our platform is automated to the maximum extent.


Keep your system safe. Invulnerable.


SmartDec Scanner SaaS

If you only need application code verification from time to time, you can purchase licenses for the required number of code verifications, upload the code to the cloud via the web interface and wait until the analyzer finishes its work.

It is also possible to test your code via a secure communication channel using virtual private networks (VPN).


Our advantages

  • Application analysis without access to the source code

    SmartDec Security Scanner is the only existing tool that can analyze an application for vulnerabilities and undocumented features without its source code. This is possible because it analyzes not only source code but also executables (i.e. binaries).

    This unique technology gives you two exclusive benefits when using SmartDec Scanner. Firstly, there is no need to request the source code from developers: you can check a system's security level by uploading executable files, or a link to Google Play or the App Store, directly to SmartDec Scanner. Secondly, this feature lets you perform Dynamic Application Security Testing (DAST) with the resolution of Static Application Security Testing (SAST). SAST analyzes application source code, byte code, and binaries for internal weaknesses, while DAST protects your system while the app is running, securing it from external attack by identifying all potential vulnerabilities. Static analysis of executable files leverages a patented reverse engineering (decompilation) technology that restores the source code of executables very accurately, even if it was obfuscated. Thus, SmartDec Scanner provides exhaustive security testing for your data at any time.

    One more bonus is that SmartDec Scanner can analyze more than 25 programming languages and executable files in one of seven formats, including those for Google Android, Apple iOS, and Apple macOS.

  • Integration with Security Development Life Cycle

    SmartDec Scanner completes your current Security Development Life Cycle (SDLC) by adding a convenient tool to the system security testing process. All systems differ in complexity, required components and expected functionality, so SmartDec Scanner was developed in such a way that it can be seamlessly integrated into the SDLC of any system. When integrated into the development process, SmartDec Scanner significantly reduces the frequency of vulnerabilities in the final product.

    SmartDec Scanner supports Git repositories; the Eclipse, Visual Studio, and Xcode development environments; the Jenkins and TeamCity CI/CD servers; and the Maven, Gradle, and SBT build automation tools, thus allowing a user to establish quality control, automate verification of new software builds, save time, and implement an SDLC. A built-in JSON API and a command line interface provide even more powerful integration and automation capabilities. To improve the cybersecurity level, developers can be granted different access rights.

    The basic version of SmartDec Scanner offers integration with the Atlassian JIRA issue tracking system. However, if necessary, any other system can be supported. Such integration allows security officers to initiate vulnerability and undocumented feature treatment jobs and track their progress directly in the tracking system (e.g. assign a code modification to a development team, or a WAF rule setup to system administrators).

    To meet users' needs, SmartDec Scanner can be either deployed on a customer's site or provided as a SmartDec cloud-based service, enabling a security team to select the optimal solution to keep the system safe.

  • User friendly interface for scanning by just two clicks

    SmartDec Scanner is designed to save your time on unnecessary steps. No specific knowledge is needed to analyze your system for vulnerabilities; SmartDec Scanner was designed so that a user understands everything intuitively. The interface is simple and convenient and the analysis process is automated, allowing you to check the code, receive a security report, and protect the system in just two clicks. Beneath the interface's simplicity, however, there is a strong code analyzer that is not friendly to any vulnerability.

    The new interface version provides an easy navigation menu for working with projects and viewing analysis results. The Scanner provides visual and detailed statistical information, has additional filters for projects, and includes a clear administration page.

    Along with the user-friendly dashboards, SmartDec Scanner offers a flexible PDF or HTML report generation system. Reports are generated automatically, with their content configured by the user. Reports can be exported according to the vulnerability classifications adopted in PCI DSS, OWASP Top 2017, OWASP Mobile Top 10 2016, HIPAA or CWE/SANS Top 25, and flexible configuration of multiple report fields using JSON is also supported.

    If you have any questions about SmartDec Scanner or how it works, our support team is available 24/7 for you.

  • Recommendations on fixing detected vulnerabilities

    SmartDec Scanner is a strong instrument against all possible security weaknesses of a system. It analyzes source code and executable files, identifies vulnerabilities, detects undocumented features, makes it possible to verify legacy and custom software systems, etc.

    After a security scan, all detected vulnerabilities and undocumented features are categorized according to their severity level and highlighted directly in the analyzed code, even if they are found in executables (no debug_info file is needed here). Besides detecting vulnerabilities, SmartDec Scanner provides software developers with extensive information about every single one of them, including a full description of the vulnerability, examples of exploitation methods, links, and detailed suggestions on how to manage the vulnerability.

    Moreover, it is possible to compare the security test results of a project at any stage, because SmartDec Scanner takes into account the kinds of changes usually made while writing code. Notifications about changes and test results are always emailed to inform the user. This feature makes SmartDec Scanner a convenient day-to-day instrument for software developers as well as for application security managers or the CISO.

    In addition, SmartDec Scanner can prepare a report according to different vulnerability classifications (PCI DSS, OWASP Top 2017, OWASP Mobile Top 10 2016, HIPAA). This significantly simplifies passing cybersecurity standard audits and helps to develop a detailed plan for eliminating the existing weaknesses.

  • Instructions for Web Application Firewall setup

    SmartDec Scanner consists of two main parts: an analysis system that processes source and binary code, and a reporting system that provides recommendations for managing vulnerabilities and for configuring a Web Application Firewall (WAF).

    Nowadays, the high value of the information processed in web applications, together with the threat of hacking, increases the information security risks of companies. A WAF is an application-level security shield designed to detect and block modern attacks on web applications, and it is an important part of web application security. Generally, a WAF covers common attacks such as cross-site scripting (XSS), file inclusion, and SQL injection. While proxies generally protect clients, WAFs protect servers. A WAF's main purpose is to protect web applications from unauthorized access, even in the presence of critical vulnerabilities: a filter that blocks malicious requests in real time, before they reach the site, takes the hit away from the application.

    SmartDec Scanner identifies and ranks vulnerabilities and provides detailed recommendations for configuring Imperva, ModSecurity or F5 WAFs based on the results of security testing. This approach blocks any possibility of exploiting application vulnerabilities while the code is being corrected. Thanks to the full integration of SmartDec Scanner with the main WAF providers, you will receive suggestions for every field when configuring the WAF. If you need any help, our technical support is available 24/7 to answer your questions.

Our solutions

  • 1. Source code analysis

    SmartDec Scanner can analyze source code written in 20+ programming languages, including relatively common ones such as Java, Scala, PHP, C#, Swift and Ruby, special-purpose ones such as ABAP, Solidity and PL/SQL, and even obsolete ones such as Delphi, COBOL, and Visual Basic 6.0.

  • 2. Executable file analysis

    Binary code decompilation and deobfuscation technologies enable SmartDec Scanner to analyze executables, including those for Google Android, Apple iOS, and Apple macOS. To check a mobile app, a user just needs to paste the relevant Google Play or App Store link into the analyzer to see analysis findings based on the reconstructed source code.

  • 3. Vulnerability detection

    Vulnerabilities are detected by applying search rules once the Fuzzy Logic Engine has finished its analysis. SCA technology helps reveal vulnerabilities not only in a company's in-house code, but also in freeware and third-party library components.

  • 4. Undocumented feature detection

    SmartDec Scanner has algorithms for automatically searching for undocumented features. These algorithms are based on our own continuously updated knowledge base. Undocumented features are detected by their basic building blocks, such as hard-coded accounts, hidden network activity, time bombs, etc. The presence of such building blocks may point to a more complex backdoor in the app.

  • 5. Checking legacy and custom software

    The binary code deobfuscation and decompilation functionality of SmartDec Scanner enables the detection of vulnerabilities and undocumented features in legacy and custom apps, including those interacting with third-party components used to reduce development time (such as freeware, pre-written code from the Internet, modules, and libraries).

  • 6. Comparing check results

    SmartDec Scanner can compare the results of completed checks and generate various diagrams that vividly show how vulnerabilities or undocumented features emerge and are eliminated, including a breakdown by project group. In addition, the system takes into account typical code changes while continuing to track vulnerabilities or undocumented features within the same project, making it possible to control their elimination.
