Mobile Application Security Scan

Check the security of iOS and Android mobile apps

Perform an automatic scan of your iOS or Android mobile application in record time and at a low cost. You will receive a detailed report with the detected vulnerabilities and advice on how to fix them. Click the button below to proceed with the order.

Static + Dynamic + Backend: 359 Euro + VAT

STATIC

The application is decompiled to search for vulnerabilities

DYNAMIC

The application is run to identify security risks

BACKEND

The application’s API security is checked

Used by more than 1,000 developers, security, and privacy professionals.

Ostorlab Mobile Application Security Scan can perform automated and advanced scans to protect mobile applications and their users.

Official Standards and Compliance Requirements

The analyses consider and use all major security standards (OWASP Top 10, CERT Android Secure Coding, JSSec Secure Coding) and compliance requirements (PSD2, PCI, HIPAA, FedRAMP, GDPR, NERC).

The results are presented reproducibly with detailed descriptions sourced from Ostorlab’s always up-to-date mobile vulnerabilities database.

Android, iOS, and Multi-platform

Native support for Android and iOS, and for 12 other multi-platform frameworks like Cordova, React Native, Flutter, and Xamarin.

Advanced Analysis

Supported by the largest mobile dependency database, Static Taint Engine, Dynamic Analysis, and Behavioral Fuzzing, Ostorlab provides the most advanced Mobile Scanning capabilities.

The scanning technology is based on four analysis engines

This allows greater coverage, removes false positives, and offers advanced detection

Static Analysis

The static engine conducts a deep analysis of the application to ensure coverage of the attack surface.

The scan inspects the use of unsafe or dangerous methods and detects the presence of protections with weak security keys.

Static analysis covers a wide range of technologies, including Dalvik bytecode, Xamarin CIL, and multiple cross-platform JavaScript frameworks.

Dynamic Analysis

Dynamic analysis runs the application and monitors its interactions with the system, the file system, the network, and APIs.

The analysis detects risky behaviors such as unsafe use of the cryptography API, weak authorization mechanisms, or the use of insecure communication channels.

Dynamic analysis offers results that minimize false positives, identifying both privacy and security issues.

Behavioral Analysis

The behavioral engine targets the exposed attack surface of the application.

It injects hundreds of thousands of test cases to trigger potential vulnerabilities.

The engine monitors the progression and evaluation of each test case to generate new ones, offering greater coverage.

This evolutionary fuzzing process can detect more complex vulnerabilities that require complex inputs.

Backend Analysis

Ostorlab scans collect backend findings identified during dynamic analysis.

The analysis performs both passive checks, like detecting insecure HTTP headers, and active checks, like tests for SQL injection, template injection, cross-site scripting (XSS), and more.

Ostorlab’s backend analysis focuses on mobile-specific technologies like GraphQL and REST APIs to identify backend vulnerabilities.

Demo Screens

Dashboard with summary of completed analyses

Detail screen of a single analysis

Detail screen of an identified vulnerability

Screen for creating and configuring a new analysis

Analyze the security of your mobile application

sales@isgroup.it

Contact us for more information

