Mobile App Security Test: API

Mobile App Security Test: API Documentation

The ImmuniWeb® Community Edition also provides a premium account status to run increased number of tests for a monthly fee. The premium status also unlocks full technical details in the reports (if applicable), allows to download the full data in PDF format and provides an API key that unlocks API's full functionality. For more information, please refer to the Monthly Limits tab.

Mobile App Security Test: CLI

Follow @immuniweb

Installing Python Script

Create virtual environment and install dependencies. Python >= 3.7 required.

git clone "https://github.com/immuniweb/iwtools.git" && cd iwtools/iwtools

python3 -m venv env

source ./env/bin/activate

pip install -r requirements.txt

Overview

Mobile App Security Test can be performed using the service’s CLI to test your iOS or Android mobile apps for OWASP Mobile Top 10 and other vulnerabilities. You can use a Docker image or a Python script as described below.

Using Python Script or Docker Container

Audit your iOS or Android applications for OWASP Mobile Top 10 and other vulnerabilities:

Test application from market:

./iwtools.py mobile https://play.google.com/store/apps/details?id=com.example

Test hosted application:

./iwtools.py mobile https://example.com/app.apk

Upload and test application:

./iwtools.py mobile "/home/user/app.apk"

Get raw API response in JSON format:

./iwtools.py mobile --format raw_json "/home/user/app.apk"

Test application from market using Docker:

docker run immuniweb/iwtools mobile "https://play.google.com/store/apps/details?id=com.example"

Check other command line options here.