• Static Analysis Update - The update breaks out YAAP (Yet Another App Parser) static analysis, enabling more control and improving static analysis run times. Previously, YAAP tests were bundled into overall static analysis runs, which lengthened test time. YAAP analysis is a proprietary static test bundle developed by NowSecure Research and added to NowSecure Workstation as a static testing enhancement. YAAP results are provided in raw json format.


  • Fix deployed to ensure latest updates will consistently appear within menu under Options–>Check for Updates
  • Renamed Wi-Fi Troubleshooting to Refresh Connectivity, to more accurately describe functionality given it attempts to fix both device and Wi-Fi connectivity.
  • Fix included to ensure Wi-Fi settings remain as is post Workstation update, and do not reset.
  • Improved device lag on connecting/disconnecting devices, android especially.
  • Updated buttons for manual app install and refreshing apps for better alignment and use of space.
  • Assessment descriptions have been moved to tooltip format, available by simply hovering over the info button of the assessment type.




  • Fix deployed to ensure that if the App File Permissions test fails, static analysis will continue with other tests and display results for all tests accordingly.




  • iOS 12 Jailbreak Support - Workstation now suppports iOS 12 jailbroken devices

  • Static Analysis Enhancements - Static analysis enhancements which improve static testing and will enable additional static testing coverage in the future. Best practice is to ensure 4GB (4096 MB) of memory is assigned to the VM for optimal performance on NowSecure Workstation.


  • Fix deployed which restores .png file for NowSecure desktop logo after updates.




  • SSL Webview Issue Resolved - Patch deployed to enable webview for https sites for devices running Android 7 operating systems

  • Untrusted Certificate iOS Assessment Update - Certificate validation (untrusted mode) has been modified to specify custom server certs, which will protect against false negatives.

  • Extraneous Data Clean Up Executed Within Forensics File Tree - Extraneous data removed from Forensics → File Tree to protect against false positive results.


  • Custom port scanning issue resolved enabling scans of specified IP addresses under Network → Port Scan → Specify IP Address.

  • Fix deployed within Forensics → File Tree → Filter Type to ensure results reflect only the selected Filter Type.




  • Fixes both a data capture and dynamic testing issue which presented in versions 5.7.0-5.7.2 due to an unforeseen update made by a third party library.




  • Addressed an oversight of not increasing the internal version number of 5.7.1 from 5.7.0 which causes the "An update is available" notification when the user is on the latest/current version.




  • Addressed an issue with a packaging problem. Depending on certain conditions it’s possible the jailed agent would not work properly due to a version bump of an underlying library.




  • New Plugin (r2dec) Available Under Advanced Tab - r2dec is a new decompiler plugin which converts asm to pseudo-C code. The plugin is available under the Advanced tab (r2frida), either in an r2 shell created from the artifact viewer or from NowSecure Workstation VM in general. If you have questions or would like additional details about this new functionality, let the NowSecure Support team know.

  • New Listing of Files of iOS Bundle Available Under Artifacts - Plist file for iOS now viewable under Forensics Tab, choose Bundle, then info.plist.

  • iOS Jailed Agent - iOS Jailed Agent Testing iPhone XR/XS Support Released


  • Automated tab retired and removed from user interface.

  • Fix deployed to optimize r2frida functionality within Advanced Tab.




  • fsmon - New device file system monitor feature is available under the Advanced tab. The new monitor enables you to record every modification an app does on the file system (read, modify, delete) to test for issues like malicious use, extraneous functionality, and more

  • Android Obfuscation Test - Android obfuscation test has been updated to provide a percentage of obfuscation when source obfuscation has been detected

  • Auto-Generated Screenshots - Improved our test for Auto-Generated Screenshots to ensure all flags are detected

  • Artifact Viewer - Improved syntax highlighting for some files in the Artifact Viewer


  • Introduced a fix which addresses an issue where a Linux package caused some users to retrieve no forensic artifacts for iOS devices.

  • Addressed an issue where some users would encounter the following error: _“The attached device is not compatible with the assessment you selected (iOS Jailbroken)_”




  • MITM Proxy Certificate - Renewed the “Man-in-the-middle” (MITM) Proxy certificate




  • Import Search Terms from Project - Import search terms from another Workstation project, instead of having to export/import from a file

  • Show Full Path for Files in Artifact Viewer - Artifact viewer shows full path property of a file as it existed on the device

  • Enhanced Janus Vulnerability Output - Additional context added to Janus Vulnerability finding


  • Analyst and company name uses configured values in exported JSON report

  • Shorter Janus vulnerability test error message added and users pointed to logs for lengthier error message and formatting issues




  • iOS 12 Jailed Testing Support - Jailed Testing, or the ability to test apps on the latest versions of iOS with Apple manufacturer settings intact, is now supported on iOS 12.

  • New Vulnerability Classifications - Additional vulnerability classifications have been added to match more closely to the CVSS scoring system. Critical and Informational options have been added, along with the ability to mark a finding as a pass.

  • CVSS Vector Strings - Vector strings have now been added for every vulnerability and can be found in the regulatory section. For more information on vector strings, see this page

  • Dark Mode - Check out the all new theme, just in time for Halloween. Toggle to the new theme by selecting the option in Preferences -> General.


  • Some IP addresses using port 443 were getting left out of the Traffic Output table, which has now been corrected.

  • Exporting all projects would occasionally leave out certain artifacts, and therefore wouldn’t be referenceable when importing the project to another Workstation instance. Project backups now account for all the files as intended.

  • Download prompts would sometimes should a file size of “N/A” after download. Proper values are now shown.




  • iOS 11 Jailbreak Support - The Electra jailbreak is now supported for iOS versions 11.0-11.3.1. Additional instructions for provisioning iOS 11 devices can be found here.

  • Port Scan Enhancements

    • Custom IP Address Targeting - Custom IP addresses can be targeted during scan process.
    • Custom Port Specification - Custom ports and port ranges can now be specified as:

      • A Single Port (25)
      • A Range (25-151)
      • A Combination of the Two (25-151, 300, 1337-1338).


  • Some IP addresses using port 443 were getting left out of the Traffic Output table, which has now been corrected.

  • Exporting all projects would occasionally leave out certain artifacts, and therefore wouldn’t be referenceable when importing the project to another Workstation instance. Project backups now account for all the files as intended.

  • Download prompts would sometimes should a file size of “N/A” after download. Proper values are now shown.

  • When opening an existing project, Geolocation data was removed from the Traffic Output, forcing the user to have to rerun the Data Capture step to repopulate. Those values are now stored and loaded properly.

  • A rare bug when importing a project caused the main project database file to become corrupt, seemingly “removing” all previous projects, causing users to have to manually back up all data and re-import the projects. Project import now performs as intended.




  • Jailed Testing Support - Jailed Testing, or the ability to test apps on the latest versions of iOS with Apple manufacturer settings intact, is now supported when using first-party, debuggable apps on iOS 11.0 - 11.4. For third-party, app store applications, a jailbroken assessment is still required. For more information, check out our blog.

  • New Project Categories - The ability to choose an assessment type when creating a project has been added. The new assessment types include Jailed, Jailbroken, and Android assessments.

  • JSON Report Updates - New values are now surfaced within the JSON report, such as project created date, reported generated date, package name, device OS, device model, and more.


  • iOS Heartbleed check has been updated to reflect the version of OpenSSL.

  • Findings for App Transport Security (iOS) are no longer flagged when no entry is specified in the plist. If no entry is specified, ATS is enabled by default, and therefore, is not vulnerable. In this case, this check now shows a pass rating.

  • The pattern matching tool, yara, has been updated to version 3.7.1, improving the functionality of the Crypto Library check.

  • Device information now shows correctly within the UI and the reports. A Pass finding is now shown if no results are returned from a Sensitive Data search.

  • A bug that prevented reports from being saved in XML format has been fixed.

  • An improper sleep setting in the Workstation has been fixed in the base VM image. Current users will need to run a command to change the setting. For more information, see this article.



For existing users, an update script will need to be run to download optional dependencies. More information is available here: 5.1 update script


  • Additional Info About iOS Apps’ Use of HTTP - iOS reports now list any endpoints the app communicated with over HTTP during analysis.

  • Janus Vulnerability Check - NowSecure Workstation now checks for Janus, a vulnerability in Android that allows attackers to modify the code in applications without affecting their signatures.

  • Detect Auto-Generated Screenshots in Android - Similar to iOS snapshots, Android takes a screenshot when an application is entered or exited. NowSecure Workstation now searches through the source code for secure implementations to prevent the leaking of sensitive info.

  • Android Device Provisioner - To simplify the Android device provisioning process, a native Mac OSX application is now available for a one-click provisioning process. Currently, the Nexus 5, 5X, and 6P are supported. Additional details are available here: Provisioning an Android Device

  • Android 7 Support - Support for Android Nougat is now available in NowSecure Workstation.

  • GDPR & FISMA Regulatory Mappings - NowSecure Workstation now includes findings for GDPR or FISMA regulation violations.

  • Adding more open source tools - Additional tools have been added to the NowSecure Workstation VM to allow more in-depth manual analysis for advanced users. These tools include Frida, Cutter (a GUI for radare2), and JADX.

Bug Fixes

  • ‘View in Radare2’ buttons are now wired properly when attempting to open artifacts (iOS exec, Memory Dump, etc..) in r2.

  • A bug with Port Scan was causing a small subset of IP addresses to run indefinitely. This has been fixed and the test now completes for those addresses that were affected.

  • apktool has been updated to version 2.3.0, which patches a critical security vulnerability.

  • A key mapping error in mitmproxy that prevented arrow navigation has been fixed.

  • Product branding was updated to now reflect NowSecure Workstation.




  • Device System Check - We’ve upgraded the device manager within NowSecure Workstation. This update allows device dependencies to be checked to ensure proper provisioning and compatibility.

Bug Fixes

  • Connecting a non-provisioned device no longer causes NowSecure Workstation to crash. This has been fixed and now the user is taken to the proper provisioning instructions.

  • A bug with bulk importing multiple projects caused the entire process to fail if there was an issue with a single project. This has been fixed.

  • The SAVE button in the toolbar has been removed. NowSecure Workstation uses an autosave function that automatically saves the project after every action taken by the user so that you lose no work and gain efficiencies.

  • Screenshots and Artifacts were not properly referenced when importing a project, causing them to not render properly within the GUI. This has been fixed.

  • NowSecure Workstation users could experience duplicate update notifications on startup if manually initializing the update check. This has been fixed.

  • A bug related to not connecting a device to the WiFi network before a timeout expires could cause the GUI to crash. This has been fixed.

  • Sorting by date now works properly from the project window.



USER ACTION REQUIRED - NowSecure Workstation 5.0 requires the download of a new virtual machine (VM), re-activation of the NowSecure Workstation activation key, and, if desired, back-up and import of old projects.

Please email NowSecure Support or call +1 (312) 878-1100 and our support team will walk users through the process to ensure an efficient upgrade experience.

NowSecure will roll the upgrade out in phases for different groups of NowSecure customers. NowSecure support will contact customers via phone and e-mail to schedule an upgrade.


  • Significant compatibility, security, and stability improvements with Ubuntu 16.04 - We’ve upgraded the underlying VM operating system for NowSecure Workstation from Santoku Linux to Ubuntu 16.04. This upgrade will increase stability, keep the VM up-to-date with the latest security and performance updates, and streamline future product updates.

  • Sleek new graphical user interface (GUI) - We’ve given the NowSecure Workstation GUI a makeover using GUI toolkit GTK3 to improve responsiveness and give it a more modern look and feel.

  • New Icons - In line with the GUI update, we’ve updated the standard icons to make them more pleasing to the eyes and match the more modern GUI theme.



Cydia Packages will need to be updated to enable the r2frida functionality. To do this, follow these instructions: Updating NowSecure Cydia Packages


  • Take binary analysis to the next level with R2Frida integration - Users can now initiate an R2Frida shell from the Advanced tab within NowSecure Workstation. For more details about R2Frida, visit the GitHub page:

  • Making NowSecure Workstation better with anonymized analytics - Gathering analytics about how our customers use NowSecure Workstation helps us improve speed and coverage and make users more efficient. Analytics will now be enabled by default. Data collected is anonymous and scrubbed of any sensitive data (e.g., credentials, search terms, app names, etc.)

  • Track your license expiration date - Users can now view the expiration date of their current NowSecure Workstation license by navigating to Options -> About.

Bug Fixes

  • Memory dump now functions as expected on iOS10 devices.

  • SD Card search now functions as expected on ARM64 devices (Nexus 5X, 6P, etc.).

  • A link to iOS device provisioning support content has been updated.




  • Additional customizable findings templates - Users can now customize CVSS scores, descriptions, recommendations, and more for default search term findings (e.g., phone number, credit card number, Social Security number, device ID, device serial number, and device MAC address).

  • Update notifications now include link to release details - Users can now access the changelog via a link within the NowSecure Workstation user interface when new releases are available.

Bug Fixes

  • Special characters within search terms are now included in searches rather than ignored.

  • Search terms enclosed within quotation marks are now interpreted as phrases rather than individual terms.

  • Bugs in static analysis of iOS apps that enable App Transport Security (ATS) have been fixed.

  • SSL Scan results now properly display a “fail” rating if insecure ciphers or protocols are detected.




  • More granular vulnerability risk ratings - To provide security analysts with more fine-tuned risk ratings, we’ve made CVSS scoring the primary metric in the risk calculation.

  • Customized findings templates - Via Preferences, users can now globally customize findings including but not limited to descriptions, recommendations, regulatory mappings, and CVSS score.

  • Import screenshots - To allow security analysts to add additional screenshots and context to reports, they can now import screenshots through the editor panel.

  • Forensic search expanded to include SD Card - Results from the data population test will now include search terms found on SD card storage.

  • Reports for individual assessments within a project - Export reports for individual assessments, rather than all assessments, within a project.

  • Additional detail in SSL Scan Output - This finding will now include a Pass/Fail rating based on the protocol, cipher, and bit-length used.

  • New regulatory and industry standard mappings - Findings are now also mapped to FFIEC guidelines, PCI DSS, and HIPAA.

Bug Fixes

  • Broken links to the OWASP Mobile Top 10 Risks have been fixed.




  • Added Progress Bar During Report Export NowSecure Workstation will now display a progress bar when a user exports a report. This progress bar will allow you to better monitor the progress of your export.

  • Updated Product Name to NowSecure Workstation Our penetration testing kit has had a few names over the years: ViaLab, Lab, and now NowSecure Workstation. We updated the welcome screen and other naming references throughout the UI to reflect the current product name.

Bug Fixes

  • Cryptography findings are now summarized by filename.

  • Custom search terms were occasionally omitted from the JSON report. This has been fixed.

  • The open project dialogue would remain open after opening a project. The dialogue window behaves properly now.

  • The Address Reference Counting Check has been renamed to Automatic Reference Counting Check.

  • iOS version is now properly displayed in the report.

  • We updated a message with the Automate tab for iOS 10. NowSecure Workstation has not supported the Automated tab for iOS 10, so you will no longer see that error message.




  • Cryptography Library Listings NowSecure Workstation will now surface a list of cryptography findings for iOS and Android apps.

  • Updated SSL Scan SSL Cipher lists now include a complete list of ciphers that a given server can accept.

  • New Support Documentation Documentation within NowSecure Workstation has a fresh new look. This new interface should offer more streamlined updates in the future.

Bug Fixes

  • NowSecure Workstation version is now listed within reports.

  • Copyright date is now current.

  • Previously, some sensitive data was not properly redacted from the report. This issue is now fixed.


  • iOS 10 Support is here! Shoutout to qwertyoruiopz and former NowSecure rockstar marcograss for the iOS 10 jailbreak!

  • Modification of Default Findings - Workstation can now remember changes users make to our default findings so they don’t have to modify them with every new assessment

  • Report Redactions - removes sensitive data (username, pass, keywords, etc…) from the report on request so critical test credentials can’t be gleaned from reports should they be intercepted or simply lost

  • Updated OWASP Mappings (2016) - re-mapped the OWASP Top Ten to ensure we stay up-to-date with the latest and greatest.

  • Some apps wouldn’t show up in the lists of apps installed in some feeble attempt to not undergo security testing. Those apps now appear correctly

  • Selecting a file to overwrite when exporting a report would sometimes overwrite the wrong file, causing confusion, disturbing the peace. No longer

  • The report editor window kept jumping around when you would check/uncheck an item, it now behaves properly

  • Some iOS snapshots were hiding in a different directory. We found them!


  • New Mitmproxy Feature - Added the -insecure option to Mitmproxy providing greater network traffic coverage for apps that use TLS.

  • Bug Fix for Mitmproxy and Interactive Proxy - We fixed an issue that existed when trying to push untrusted certificates. Our code has been updated to restore full man-in-the-middle capabilities. This issue only affected users who updated to v4.1.


  • Mitmproxy Update - Mitmproxy has now been updated to version 0.18. This update allows users to view certificate pinning and validation results in real time. Mitmproxy 0.18 also gives users the ability to test SSL over custom ports. These improvements should improve false negatives.

  • Improved Log Capture for iOS - This forensic check for iOS now supports all iOS 9 devices.

  • Enhanced iOS Static Check Stability - We’ve enhanced the performance of iOS static checks that were previously causing some errors or crashes.


  • Displays Background Modes and Behaviors that the application is leveraging based on libraries imported by the application.

  • iOS Forensics Update: In a recent 9.x version, applications began storing data in a separate “Shared” directory on the device in addition to the standard private application directory. This new location has been added to the “Forensics” tab

  • Resolved an issue where NowSecure Workstation was incorrectly flagging the Certificate Validation test as a Medium risk due to some traffic being generated by self-signed certificate, and was not related to an application vulnerability. We also added a fix to resolve an issue related to the NSFileProtection Output (iOS static check).


  • Interactive proxy integration

  • Forensic File Protection class information shown in artifact viewer for each file

  • iOS static check for files with NSFileProtectionNone

  • Ability to automatically lookup organizations via IP addresses in captured network traffic

  • Ability to sort issues by severity in report iOS

  • App Transport Security check updated

  • Improvements to Touch ID check

  • Added screenshot functionality during Data Capture step


  • Addition of CVSS scores to Issues Found

  • Updated test descriptions and result/recommendation verbiage

  • Radare2 integration (for reverse engineering)

  • Output context added for the ASLR check

  • Report arrangement restructure (splitting results out according to relevant section)

  • Filtered iOS keychain output to only show values matching search terms

  • Squashed the SQL Injection bug fix that caused Workstation to crash occasionally

  • Fixed a bug that prevented output creation from Advanced Tab

  • Swift support for reversing symbols and classes


  • iOS 9.0 and 9.1 support

  • NIAP mapping: findings now include configuration guidelines from National Information Assurance Partnership

  • Improved provisioning for iOS devices reduces the amount of time it takes to install a new agent and certificate on iOS testing devices

  • Resolve memory analysis and automation scripting issues with iOS 9.0 and 9.1.


  • Modify recommendations and regulatory information

  • Rename assessments

  • iOS 8.4 Support

  • UI, reporting, importing, and static analysis bug fixes

  • Rebranded from viaLab to NowSecure Lab

  • Mitmproxy upgraded to the latest 0.12.1 version

  • Android agent updated to v2.3


  • Phone backup/restore feature (Android)

  • IP Geolocation on Network tests

  • Link to 42 Best Practices included for several findings directly in the report

  • Automated LocalAuthentication bypass (TouchID) added as a iOS Cycript function

  • Interface redesign (use of latest GTK3 framework)

  • Artifact viewer enhancements

  • New emulator packages


  • Based on our latest security-minded linux distribution, Santoku 0.5

  • Import search teams using a CSV file

  • Improvements to the automated searches and to the static analysis tests

  • Enhanced iOS device handling and detection