What languages and platforms does App-Ray scanner support?
We support Android and iOS for now.
What email notifications will I get from App-Ray?
App-Ray keeps customers up to date with scan and overall service status via email notifications. App-Ray users receive an email when a password is changed, when a scan is submitted, and when a scan has completed.
I received an email saying there was an issue scanning my application. What should I do?
App-Ray usually sends a scan failure email if issues are encountered scanning your application. Our engineering team will work with you to resolve any issues like this and ensure scan success.
What is DAST and SAST? Does App-Ray do both?
DAST stands for Dynamic Application Security Testing, while SAST stands for Static Application Security Testing. App-Ray does both.
What flaw categories do you look for?
The number of flaw categories we look for increases all the time. Examples of flaw categories that are scanned for include:
- Input Validation: Command Injection, SQL Injection, Cross-Site Scripting, Log Forging, CRLF Injection, Path Manipulation
- Memory Corruption: Stack/Heap Overflow, Format String Vulnerability, Unchecked Array Indexing, Improper Null Termination
- Numeric Errors: Integer Overflow/Underflow, Signed-to-unsigned Conversion, Off-by-one Error, Numeric Truncation
- Cryptographic Issues: Hardcoded Crypto Keys, Failure to Encrypt Sensitive Data, Insufficient Entropy
- Others: Hardcoded Passwords, Missing XML Validation, Unchecked Return Value, Information Leakage, Malicious Code and Backdoors, Rootkit-like Behavior, Time Bombs, Anti-Debugging, Data Exfiltration, Code and Data Anomalies
Do you need my source code?
Not at all. App-Ray operates on your binaries only. We perform automated reverse engineering and disassembly of those binaries, and then provide you with the scan results.
Why should I use App-Ray instead of a source code analyzer?
App-Ray is about to change the world of mobile application development by solving this application security challenge in a fundamentally different and better way. Our cloud-based application risk management services platform offers the industry's most comprehensive, fastest, very accurate and easy-to-use application security testing services. Our innovative binary analysis technology and delivery model allow those who develop software and those who purchase software to cost-effectively assess and manage risk from their software infrastructure, whether it consists of internally developed, outsourced, open source or commercial applications.
Is App-Ray available on-premises as well, or SaaS only?
App-Ray is available on-premises as well. On-site installation is very fast and straightforward – it usually takes up to 2 hours, and remote installation is also possible.
How long will it take to get my results?
App-Ray performs a fully automated scan on uploaded applications, including constructing a model of the data and control flow and identifying any flaws. The turnaround time depends on the size and complexity of the application, but on average App-Ray analyzes 90% of all uploaded applications in ten minutes or less (in case you need it faster, contact us … ).
I like the App-Ray web interface, but I do all my work in my IDE. Can you show me the results there?
App-Ray provides APIs for uploading applications and viewing results, and includes reference integrations to several bug tracking systems and integrated development environments, including Jira, Jenkins, etc.