esChecker, your MAST automation companion
Dynamic Application Security Testing (DAST)
esChecker attacks your apps at runtime to verify if they react as per your Security Policy. By challenging the implemented and/or integrated protection, esChecker gives a Defense Score to the Runtime Application Self-Protection (RASP).
-
Define the critical User Journeys you want to test, to turn DAST into IAST (Interactive Application Security Testing)
-
Works on protected apps: anti emulation, hook detection, root detection, …
-
Video proof of the Dynamic Attacks and the App Defense
Static Application Security Testing (SAST)
esChecker scans the binary to verify if good practices have been implemented:
- Check calls to untrustful API,
- Inadequate data storage,
- Use of deprecated libraries, etc.
Define your own Security Policy
- Pick the test & attacks you need to run out of our Test Catalogue,
- Make sure you comply with the regulations and standards you want to meet: OWASP, PSD2, FFIEC, PCI, CWE, NIAP, FISMA, HIPAA, …
OWASP
OWASP defines a set of guidelines to test Mobile Applications Protections in the OWASP Mobile Security Testing Guide (MSTG):
- Some can be automated: esChecker is here to assist you,
- Others can’t: that’s on you.
By checking that your code complies with OWASP MASVS, this is a demonstration of quality.
- Select a campaign suitable to your use case: L1(+R) or L2(+R)
- OWASP Mobile TOP 10
Automate your security test
esChecker helps you automate your Mobile Application Security Testing
Dynamic Security Testing
Static Security Testing
Integrated in your CI/CD pipeline
iOS & Android
OWASP Guidelines
Full qualification in 30 min
Our Solution :
Fields of application
Integrate Security QA early in your Development Process. Don’t wait until your application is live to make the relevant security checks.