This page will guide you through the different steps in the Code tab.
Depending on the platforms (Android/iOS), different tests will be executed during the Static Analysis. Click “Start” to run the following tests. An assistant will tell you which test is being performed. You can then close the assistant to populate the results in the results treeview on the left.
Class dump is performed
Keychain values are decrypted and searched for sensitive values
The application is checked for ASLR implementation
For Swift applications with debug enabled, the “class information” artifact will display a list of files, classes, methods and symbols
For Swift applications with debug disabled (ready for production or from app store), we are unable to list all of the above information. You will only see a list of class names, as well as attempts to demangle the class names and convert into proper naming.
Provides a list of application activities and content providers
Inspects the app certificate
Reviews application permissions
Checks for application debug flag
Checks for code obfuscation
Checks for vulnerabilities related to the SecureRandom API
Checks for potential issues related to the MasterKey vulnerability
Checks the size of the signing key
Decompiles and scans app source code
Select “Start” to dump the application’s process memory.
Once the Memory Dump is completed, you can click on “Search Memory Dump” to start a search of the dump for any sensitive information provided in the “Setup” tab.
Workstation allows you to manually launch any of the activities used by the application. This is especially useful for example to test if launching certain activities can bypass login screens, and give access to personal information.
To launch an activity, check the box next to its name inside the “Exported Activities” tab, and note any results happening on your device.
Don’t forget that you can, at any time, add findings, take notes or even screenshots using the Editors panel at the bottom of the main Workstation window.
In this step, Workstation will conduct tests on your application to evaluate SQL Injection-related vulnerabilities.
To perform this test, you can either let Workstation automatically probe all Content Providers (CPs) searching for potential vulnerabilities or manually select a specific Content Provider you would like to run the test on.
If a Content Provider is found vulnerable, Workstation will also automatically try to retrieve available data from that vulnerable Content Provider and display the results on the treeview on the left.
In this step, Workstation will conduct a test to determine if your application is vulnerable to common path traversal vulnerabilities.
Similarly to the SQL Injection step, to perform the Path Traversal test, you can either let Workstation automatically probe your application searching for potential vulnerabilities or manually select a specific URI you would like to run the test on.
If a vulnerability is found, Workstation will also automatically try to retrieve available data from that vulnerable path and provide information about the files that were accessed during the test in the results displayed in the treeview on the left.