The latest update to NowSecure Lab Workstation features Interactive Proxy testing, Forensic File Protection Class checks, additional network traffic checks, and user interface (UI) enhancements.
Customers use Lab Workstation, our on-premises mobile app penetration-testing kit, to significantly reduce the time and effort required to perform static and dynamic application security testing of iOS and Android apps.
Powerful new tests and integrations
NowSecure Lab Workstation version 4.0 adds important tests for iOS and Android as well as key UI enhancements.
Interactive proxy (iOS and Android)
Using interactive proxy, users can now intercept, inspect, modify, and replay all requests submitted by the application to any backend service during the communication process. This powerful feature was a top customer request and we’re excited to add it to Lab Workstation.
Forensic File Protection Class checks (iOS)
When a new file is created on an iOS device, it’s assigned a class by the app that creates it. Each class uses different policies to determine when the data is accessible. This check will automatically display the file protection class associated with each file that is stored in the private application directory (and displayed in the Forensics tab). During an iOS application security assessment, this will let the analyst know whether certain files are protected with data protection or not. The file protection class will be displayed within the artifact viewer for each file shown in the Forensics tab.
Network Traffic update (iOS and Android)
Users can now identify the owner of any IP destinations reported in the Network tab.
User interface improvements
Sort findings by severity
Users can now sort reported findings by severity, with the highest severity issues listed at the top of the report instead of section-by-section.
Description field on screenshots
We’ve stopped requiring a description for screenshots in reports. Users will only need to enter a label/name for any screenshots. This should improve the user experience when generating reports.
See it in action