esChecker is a dynamic security scanning tool for Android and iOS mobile applications to test the apps' self-protection and identify vulnerabilities and misconfigurations with no false positives.
12 min read
esChecker is a Mobile Application Security Testing (MAST) tool for mobile applications, running both Static (SAST) and Dynamic Tests (DAST), straight from the binary (blackbox).
It executes your applications on real mobile devices and launches attacks to detect failures in self-protection on .apk or .ipa files.
Thanks to having its device farm, it has unique capabilities to trigger attack techniques like reverse engineering or code tampering.
Let's run an example scan:
1- First, you need to upload your application file (.apk/.ipa)
2- You can record a test sequence to guide the scanner to go through the most critical screens of your apps, allowing full code coverage.
3- Now, you can choose a scanning campaign depending on the type of your applications: Banking, gaming, healthcare or others.
These preset campaigns are provided in line with the OWASP recommendations.
4- and you will get the scan results in 20-30 min.
esChecker is the only solution that executes your apps on a real device and runs attacks.
Most of the other mobile application security testing solutions use emulators to run the app and execute the attacks through it.
However, this methodology is limited when it comes to code coverage. Plus, if the apps are protected against the usage of emulators, the report would be biased.
Your apps will be running on a real device, and you will record your user journey and design your attack scenarios.
You can fine-tune your scans to recognise popups or error handling messages so your scan results will always reflect the right vulnerabilities. (no false-positive)
It is an annual subscription that you can buy for a number of applications. It is $10k per application approximately.
There is no limit on users or how many times you can scan your applications during the year.
esCoaching is a learning platform for mobile application security where you can interact with security experts in real-time.
Some of the topics:
-Static Analysis of an Android application
-Android basics from the reverse engineer point of view
-Android: Crack-me Challenge
-Dynamic Analysis of an Android application
-Static Analysis of an iOS application, Part 1
-Static Analysis of an iOS application, Part 2
-Dynamic Analysis of an iOS application
-iOS: Crack-me Challenge
-iOS basics from the reverse engineer point of view
-Introduction to P-Code and GHIDRA SLEIGH
-Code instrumentation with FRIDA
-Deep dive into Linux/Android loader and Dynamic Linker
-Code Review of ARM Assembly Code
-Identifying C constructs in ARM using GHIDRA
-Practical Introduction to GHIDRA
-Static Analysis of a virtual machine using GHIDRA
-Reverse engineering a Virtual Machine using Unicorn
-Breaking a White-Box implementation embedded in an Android Application
-Side Channel Marvels Tools & Double Fault Injection Attack
-Breaking a White-Box implementation embedded in an Android Application (Intermediate Level)
-WBC Binary Instrumentation