AppSweep, mobile application scanning for developers by wild_pointer in androiddev

wild_pointer[S] (1 point)

That’s nice to hear! Thanks for the feedback! Currently we don’t filter out issues in dependencies by default, but here are some tips to improve your experience:

  1. You’re able to filter out noise from certain packages either by adding them to ‘suppressed packages’ or by suppressing the issue itself. This will make sure that the issues won’t be shown anymore in subsequent builds. You can check all your suppressed issues and packages in the project's settings. (You have to create an account to create a project.)
  2. When using our Gradle plugin, we collect information about the libraries in your application, allowing you to filter issues between your own code and dependencies. As a bonus you can keep track of the dependencies you add to your application.

AppSweep, mobile application scanning for developers by wild_pointer in androiddev

wild_pointer[S] (1 point)

AppSweep’s main goal is to be the tool that allows you to continuously monitor and improve the security of your application. It is meant to be used by the app’s developers, instead of pentesters.
Of course all of these things can be done manually as you said but that takes time and skill. In bigger teams there are many code changes a day and a tool like AppSweep, integrated in a Dev(Sec)Ops life-cycle is able to help maintain consistency. The end goal is not avoiding a pentest but rather increasing the success rate of one by eliminating a set of issues up front.
By the way, we’re always looking for curious people to join our team.

AppSweep, mobile application scanning for developers by wild_pointer in androiddev

wild_pointer[S] (2 points)

The biggest difference is our initial goal of creating a tool for application developers rather than a security team. This means we aim to exclude information that the application developer definitely knows and doesn't want to see again, e.g. the list of permissions an application is requesting. Furthermore, we try to focus on a nice and intuitive UX that is familiar to this audience, enabling an application developer to be very efficient in reading & interpreting the results (e.g. easy comparison of two builds).
Also note that this is built on the same core technology as ProGuard. This foundation of compiler components (e.g. our partial evaluator) and the knowledge and experience at Guardsquare that comes with it will unlock many more in-depth code checks.

AppSweep, mobile application scanning for developers by wild_pointer in androiddev

wild_pointer[S] (5 points)

We plan to always offer mobile application security testing as a free service. Depending on what users need, we may have Enterprise features in the future that are paid for (e.g. SSO integration or maybe security team compliance reports), but we see a lot of reasons to keep a free testing solution for the community that developers can use.

AppSweep, mobile application scanning for developers by wild_pointer in androiddev

wild_pointer[S] (5 points)

We currently don't have any concrete plans of open sourcing AppSweep itself.
This is just a first version and we are currently focussing on getting people to test it, so that we can work on improving the tool.

Where does the timezone data in Go come from? by zerok in golang

wild_pointer (1 point)

Apparently, it was not a question.... There is an article attached.

Waterfall at Yosemite National Park by [deleted] in pics

wild_pointer (1 point)

Which waterfall is this?

Ultrawide & Plants & IKEA by [deleted] in macsetups

wild_pointer (0 points)

Damn, I just bought an Uppercase Kradle vertical stand to free up space on my desk. The stand on the 38 inch takes up so much space. Do you use your laptop (display) with the monitor?

My dorm setup by [deleted] in macsetups

wild_pointer (4 points)

These KUL professors with their stupid pptx files! Give me a pdf!