Currently, only 1st party, debuggable builds are compatible with jailed testing. 3rd party mobile apps downloaded from the App Store cannot be tested on jailed devices but can continue to be tested via existing jailbroken testing methods on Workstation. Outside of that, as long as the mobile apps are debuggable, they can be obtained from a number of sources, including:
Only jailed-testing compatible mobile apps will be shown in the dialog box list when running a jailed assessment in NowSecure Workstation.
|Sensitive Data: HTTP||Dynamic||✔||✔|
|Sensitive Data: Local Files||Dynamic||✔||✔|
|Sensitive Data: System Logs||Dynamic||✔||✔|
|Sensitive Data: Memory Dump||Dynamic||✔||✔|
|Sensitive Data: Keychain||Dynamic||✔||✔|
|App Transport Security||Static||✔||✔|
From a coverage and results perspective, NowSecure Workstation provides the same level of information with jailed testing as traditional jailbroken testing. In upcoming releases, NowSecure will be expanding jailed testing to include additional test capabilities never before seen in an enterprise-grade security testing product.