Guardsquare AppSweep Description

Date: 2024-05-24

Guardsquare AppSweep is a mobile application security testing (MAST) tool that identifies security vulnerabilities in mobile applications during the development process. The tool performs multi-analysis testing, combining static and interactive approaches to detect security issues.

AppSweep conducts in-depth code analysis that goes beyond pattern matching, using control and data flow analysis. The analysis includes taint analysis, ProGuard reachability and dead code tracking, and value reconstruction and propagation algorithms. Findings can be augmented through interactive runtime testing.

The tool organizes security findings according to the OWASP Mobile Application Security Verification Standard (MASVS) and Mobile Application Security Testing Guide (MASTG) for vulnerability classification, prioritization, and remediation guidance. This structure helps development teams identify and address security issues systematically.

AppSweep provides a command-line interface (CLI) that integrates into CI/CD pipelines, enabling automated scanning during the development process. The tool supports integration with various DevOps toolchains to facilitate shift-left security practices.

AppSweep Enterprise offers additional capabilities, including extended CLI integration for detailed findings export, reachability analysis to focus on relevant code sections, support for larger application uploads, and automated data retention policies for compliance requirements.