Product Overview

General Purpose

Mobix (the system) is a solution for finding vulnerabilities in mobile applications and automating their information security regression testing using machine learning technologies.

The main feature that distinguishes Mobix is a unique mechanism for creating automated test cases. They are reproduced and adapted to the changes in the application interface with minimal user involvement. This significantly reduces the cost of human resources for testing and searching for vulnerabilities, and allows the security testing process to be implemented as part of a continuous development process (DevOps). Despite the complexity inside, creating a test case looks to the user like usual work with the application. There is no need to write scripts or build the application in a special way. Just perform the necessary steps in the application as if it were installed on a normal mobile device.

The system supports Bytecode Analysis (BCA), Static Application Security Testing (SAST), Interactive Application Security Testing (IAST), Dynamic Application Security Testing (DAST) and Application Programming Interface Security Testing (API ST) technologies, collects raw data, and provides complete information about how the application operates on the device.
The system is capable of detecting more than 50 types of vulnerabilities and checking for compliance with regulatory and industry information security requirements: PCI DSS, OWASP Mobile Top-10, OWASP MASVS. It also allows you to create your own internal security standards.

Product Features

Various scan modes

Mobix has several application security analysis modes that are suitable for different testing scenarios. Manual analysis is good for one-time application testing, while the automatic mode is suitable for embedding into the development process.

Flexible modification of analysis rules

Changing the analysis rules allows you to achieve maximum efficiency in finding security defects. The system components responsible for data collection are presented in the form of modules with a simple and clear configuration. Rules are modified in the form of a constructor, so a change does not take much time.

Integration into the CI/CD process

The system has a fully functional REST API. In addition, integrations with mobile app distribution systems are provided. Maximum flexibility and a wide range of settings allow you to use Mobix within an already established application development process and to inform developers about existing vulnerabilities at the stage of the first builds.

Check of compliance with security standards

The application analysis provides not only descriptions and recommendations for remediation of detected vulnerabilities, but also all collected information about the application and a detailed report on its compliance with the latest global information security standards.

All collected information about operation of the application

All data collected while the application is running on the device is stored, structured, analyzed during vulnerability detection, and made available as scan artifacts.

Detailed recommendations for remediation of the detected vulnerabilities

Mobix detects more than 50 types of vulnerabilities. The search technology is based on observing the behavior of the application on the device during various scanning modes.

After all the analysis stages, the vulnerabilities identified during application scanning are displayed in the system UI, with detailed information about the location of the vulnerability, its severity, detailed recommendations for remediation and, most importantly, how to avoid similar vulnerabilities in the future.

Recommendations are regularly updated with new protection methods and best practices from around the world.

A unique mechanism for automation of regression testing

To automate testing, Mobix has developed a unique mechanism for recording, replaying and adapting test cases. This mechanism is based on deep integration with the operating system and machine learning methods. Despite the complexity inside, creating a test case looks to the user like usual work with the application. There is no need to write scripts or build the application in a special way. Just perform the necessary steps in the application as if it were installed on a normal mobile device.