AppKnox — mDevSecOps
Appknox is the world's most powerful plug-and-play security platform which helps Developers, Security Researchers, and Enterprises to build a safe and secure mobile ecosystem using a system plus human approach to outsmart the smartest hackers.
Appknox has the ability to perform automated app security testing for Android and iOS mobile apps through the Appknox Platform.
· mDevSecOps: Get DevSecOps for Mobile Application Security.
· True DAST and Server Side Testing: With our true DAST, run your app on real devices and also perform API Testing.
· Mobile VAPT in less than 90 mins: Slash mobile app security testing cycles by 75% using Appknox’s automated security solution.
Integrate the Appknox with Azure Devops
This extension adds the ability to perform automated app security testing for Android and iOS mobile apps through the Appknox Platform.
Task Parameters
The following are the parameters needed for the task:
1. filePath:: true path to APK/IPA binary file
2. accessToken :: trueAppknox API Access Token
3. riskThreshold :: true risk level to fail the build. (Available options are: Low, Medium, High, and Critical. Defaults to Low)
Installation
Install Appknox plugin to your Azure organization
Add Appknox Task to your Azure Pipeline
From the Azure Pipelines Edit page Search for the Appknox task in the Tasks tab.
Configured the required parameters.
$(appknoxtoken) is a build variable with its lock enabled on the Variables tab.
Using Proxy: Appknox task requests can be routed via a web proxy server, which can be configured in environmental variable HTTP_PROXY or HTTPS_PROXY in the format http(s)://username:password@hostname: port.
View Output logs
The above task will upload the binary which will initiate Appknox automated scanning. The progress can be viewed in the pipeline build logs.
Examples Pipeline for Android
# Android
# Build your Android project with Gradle.
# Add steps that test, sign, and distribute the APK, save build artifacts, and more:
# https://docs.microsoft.com/azure/devops/pipelines/languages/androidtrigger:
— masterpool:
vmImage: ‘macos-latest’steps:
— task: Gradle@2
inputs:
workingDirectory: ‘’
gradleWrapperFile: ‘gradlew’
gradleOptions: ‘-Xmx3072m’
publishJUnitResults: false
testResultsFiles: ‘**/TEST-*.xml’
tasks: ‘assembleDebug’- task: appknox@2
inputs:
filepath: ‘./app/build/outputs/apk/debug/app-debug.apk’
accessToken: ‘$(appknoxtoken)’
riskThreshold: ‘medium’
Sample Appknox Reports :
What to Look for in a Mobile Security Assessment Report
Security vulnerabilities could harm businesses of any size and type. According to a report published by PT Security, around 43% of the Android and 38% of the scanned iOS apps had high-risk vulnerabilities in them.
In order to successfully fight against this rising threat, businesses must take security ahead in their priority ladder.
Vulnerability reports not only provide a detailed structure of the assessment but also offer meaningful insights to target the risks.
But often at times, security service providers overlook the importance of proper reporting. As a result, clients end up being dissatisfied with the entire testing process.
Therefore, it becomes necessary to examine the importance of vulnerability reports. The basic step in this direction should be knowing how to differentiate a good mobile security assessment report from others.
Here we have outlined a list of some of the key features we include in our mobile security assessment reports and why they are so important.
- Application Details: In order to ensure easy tracking and for future reference, our vulnerability report always comes with application details. So, every time an app gets tested, a concise summary containing the app’s name, platform, version, and unique id is recorded
2. Report Summary: Once the detailed static, dynamic, API and other manual scans are completed, an executive report summary is presented. Here, users can see a detailed overview of the tests and the corresponding CVSS (Common Vulnerability Scoring System) scores. This universally accepted and standardized method rates vulnerabilities on the basis of damage they can cause or the urgency of response.
3. Detailed Vulnerability Report: After rating the risk, it becomes important to explain the risk and also its implications. So, after the audit summary, Appknox’s vulnerability assessment report provides a detailed overview of each security issue.
