How to activate Advanced Analysis in your AppSweep Project

As of v2.0, AppSweep now comes with a brand new feature: advanced analysis, to further improve vulnerability detection in your projects.

Advanced analysis enhances vulnerability detection by relying on a more comprehensive flow, for example, for data and functionality leakage or proper cryptography use.

Advanced analysis enables the following new findings:

• Detect user input flowing into class loaders or interpreters.
• Detect sensitive user data being written to disk.
• Detect sensitive user data being written to IPC mechanism.
• Detect sensitive user data being written to logs.
• Detect sensitive information written into a notification.
• Detect sensitive user data being sent to the Internet.
• Detect insecure passwords for the certificate keystores.

Advanced analysis highly enhances the detection of vulnerabilities in your builds, but in some instances, it can lead to longer scan times. Advanced analysis is not enabled by default for all AppSweep projects.

If advanced analysis has not been automatically enabled for one of your projects, you will see a notification for your build, shown below:

Advanced analysis can be enabled at the project level only. If you navigate to General Settings for your project, you can enable or disable the advanced analysis to suit your preference:

Et voila, advanced analysis activated, let us know your feedback!