|
By Vinay Kumar Rasala
That is not a failure of fuzzing. It is a failure of interpretation. In a recent AFL++ fuzzing campaign targeting libarchive, we ran approximately 8.5 billion executions across all fuzzing phases, generated over a thousand crash files, and ultimately reduced them to two unique crash sites through structured crash triage and deduplication. This blog is a practical, engineering-first guide to that process. If your fuzzing pipeline stops at crash counts, you are not measuring security.
|
By Rishika Mehrotra
357 crash reports. 2 actual bugs. That is not a typo. That is the reality of modern application security testing. In a recent fuzzing campaign, over a thousand crash files were generated across billions of executions. After crash deduplication and triage, that number collapsed to just two unique issues. Not hundreds of vulnerabilities. Not dozens of risks. Two. And yet, most security teams would have celebrated the initial numbers.
|
By Abhinav Vasisth
Most mobile security workflows end in a familiar way. A scan runs, a report is generated, and the output looks reassuring. There are no critical issues, maybe a few medium findings, nothing that blocks a release. The process completes, the team moves forward, and the app ships. At that moment, the assumption is clear. The app has been tested. The risk is understood. But there is a question that rarely gets asked, and it changes the entire conversation.
|
By Rucha Wele
“AI-powered DAST” is everywhere. It signals progress, but assumes something fundamental was missing. It wasn’t. DAST struggled not from lack of intelligence, but from lack of depth. Most tools never reached inside authenticated, stateful, multi-step journeys where real logic, sensitive data, and critical vulnerabilities exist. That’s the part Appknox solved years ago. AI here is not a reset. It is an accelerator, applied to a system already operating where risk actually lives.
|
By Vinay Kumar Rasala
357 crash files. 2 real bug sites. That’s the outcome of this AFL++ campaign after roughly 8.5 billion executions across multiple harnesses, binaries, and phases. At first glance, everything looked like success. Crashes were increasing steadily. New inputs were being generated every few seconds. Coverage appeared to improve over time. From a surface-level perspective, the campaign looked productive. Then triage began.
|
By Jeel Patel
Artificial intelligence is no longer just generating text. It generates and executes code in real time. With tools like Google Gemini, features such as code canvases and live previews are turning AI systems into interactive execution environments. This shift introduces a new and rapidly growing category of risk: AI security vulnerabilities tied to real-time code execution.
|
By Denish Vaghasia
When teams think about Android app security, the focus is usually on code for encryption, obfuscation, or binary protection. But in practice, many of the most critical Android app vulnerabilities don’t originate in code at all. They come from misconfigurations. Issues in the AndroidManifest, insecure component exposure, and unsafe inter-app communication often create direct entry points for attackers. These are not edge cases. They are common, repeatable, and frequently exploited.
|
By Aadarsh Anand
For many engineering teams, CI/CD security appears to be working. Static scans run automatically. Vulnerabilities are flagged. Security checks exist somewhere in the pipeline. Yet issues still surface after release. The reason is rarely the absence of tools. More often, it is the absence of structural enforcement across the build lifecycle. Security controls run inside the pipeline, but they do not always guarantee that the artifact being tested is the same artifact that ultimately reaches users.
|
By Raghunandan J
Mobile app risk rarely emerges from negligence. It emerges from fragmentation. In most enterprises, security is applied in stages. Each control works in isolation. None governs how risk evolves over time. Mobile applications are distributed, long-lived systems. Once deployed, they operate outside centralized infrastructure control, exposed to shifting SDK dependencies, evolving APIs, regulatory change, and adaptive adversaries. Security gaps rarely appear within a stage. They appear in the transitions.
|
By Rucha Wele
Mobile security feels mature. Enterprises scan frequently, track findings, and report posture upward. Yet under regulatory scrutiny, cracks appear. This gap between perceived security and defensible governance is where mobile AppSec quietly fails. The illusion isn’t that security isn’t happening. It’s that it isn’t aligned with how regulated risk actually operates.
|
By Appknox
In the rapidly evolving world of Fintech, trust and security are of paramount importance. We have gathered an exceptional panel of industry experts who will delve into the challenges faced by Fintech companies in maintaining the trust of their customers and ensuring the security of their banking apps. Join our industry leaders, comprising Subho Halder, Majorie Labindao, Salinawati Salehuddin, and Md. Abul Kalam Azad, CISSP, CISA, CISM, CRISC.
|
By Appknox
It's #DataPrivacyWeek. Are you ready to build a secure organization and keep your data safe? Join Appknox's panel discussion with Subho Halder, Raghunath Thiyagarajan, Rajkumar P, and Vijayta Sharma.
|
By Appknox
Through this webinar, we aim to help enterprises and individuals understand how cloud security and IAM policy can play a role in building safe and secure mobile apps that garner trust. It will help you prevent sensitive data loss and infrastructure exposure, which can result in fraud, reputation damage, and regulatory penalties.
|
By Appknox
About The Webinar: The cybersecurity landscape is constantly evolving, making it a challenge to stay ahead of attackers. They are always looking to exploit weaknesses and gain access to, or control of, sensitive information. This can lead to serious consequences, such as ransomware attacks. This means integrating security as a core part of the development process is becoming more essential by the day.
|
By Appknox
About The Webinar: Today’s cybersecurity threat landscape is highly challenging. Attackers are constantly on the lookout to exploit security vulnerabilities in applications and systems to gain access to or control sensitive information and launch cyberattacks such as ransomware. With companies spreading sensitive data across different platforms, software as a service (SaaS) platforms, containers, service providers, and even various cloud platforms, it’s essential that they begin to take a more proactive approach to security.
|
By Appknox
Join us in an exciting webinar on payment gateway related vulnerabilities by Subho Halder, Appknox's CISO & Co-Founder, and Vaishali Nagori, Penetration Tester at Appknox. Learn how Fortune 500 companies have created superior and secure payment gateways for their customers.
|
By Appknox
Launching a mobile enterprise application is no easy feat, and one minor security breach can undo all your hard work in no time. With the right security platform, you can detect and fix security vulnerabilities without losing sleep. Say hello to Appknox, a plug-and-play security solution that secures your mobile enterprise applications in less than 60 minutes. Rated the highest in security products in Gartner and a high performer on G2crowd for SAST, we set ourselves apart from our competition by allowing you to integrate your SDLC with all project management and CI/CD toolchains.
|
By Appknox
A security-first strategy is a competitive business advantage in today's world. Learn how Fortune 500 companies have created superior and secure digital experiences for their customers.
|
By Appknox
Unlocking the secrets of building a secure app in under 60 minutes. Build a culture of secure programming in your engineering team. With the number of (attempted) security breaches and fast-paced sprint cycles, securing your mobile applications from day 1 is a driving force to ship applications at speed.
|
By Appknox
When you are looking for genuine, inexpensive, unbiased information to make your application secure, there is no better source than OWASP. OWASP gives you guidelines on the industry's top threats and security best practices that help ensure your applications are secured. Take a look at this FREE OWASP Guide that covers vulnerabilities from both web and mobile to give you a comprehensive overview of your application's security status.
|
By Appknox
Apple is known to employ slightly more stringent norms than its counterparts as far as approving apps is concerned.
|
By Appknox
Detect and eliminate critical threats with the lowest visibility hiding behind the thickest of code. Protect your mobile apps and their data from malicious attacks.
|
By Appknox
As SaaS businesses continue to evolve in a world of cutthroat competition, key decision makers must ensure full accountability for their users' security. Sensitive and personal data should be monitored and kept secure along with innovation and strategic investments. Hence security for SaaS organisations is a critical component and a strategic driver for the growth of the business.
|
By Appknox
When we make our way into the ecosystem of security technology and infrastructure initiative, learning about application security trends becomes of utmost importance. The unpredictable COVID-19 situation has made global businesses more vulnerable than ever to cyberattacks and breaches. Be it the Zoom data breach (500k records stolen) or the Marriott (5.2 million records breached), hackers don't seem to miss opportunities to exploit vulnerabilities and gain access to business infrastructures and public records.
|
By Appknox
In public-facing cloud environments with faster than ever deployment and delivery speeds, we need security models that can keep up with the pace. However, security still remains one of the most downplayed affairs in many organizations. While DevOps practices have helped organizations find means to build and react to the market faster, the hurdles of relying on traditional security are still making inroads for more and more threat incidents.
Appknox is the world's most powerful plug and play security platform which helps Developers, Security Researchers and Enterprises to build a safe and secure mobile ecosystem using a system plus human approach to outsmart the smartest hackers.
Our Products:
- Static Application Security Testing (SAST): With 36 different test cases, Appknox SAST can detect almost every vulnerability that’s lurking around by analyzing your source code. Our tests cover security compliances like OWASP Top 10, PCI-DSS, HIPAA and other commonly used security threat parameters.
- Dynamic Application Security Testing (DAST): Detect advanced vulnerabilities while your application is running. Appknox DAST simulates actual attacks on our test environment to analyze, detect and plug those pesky vulnerabilities that can fall prey to runtime and network attacks like MITM.
- Application Programming Interface (API) Testing: Quite different from SAST or DAST, Appknox's APIT tests the server side of your application. Appknox API scan captures APIs at requested endpoints and runs 15+ tests on each of these APIs to detect vulnerabilities that may compromise the security of the app servers.
- Manual Application Security Testing (MAST): Nevertheless, the human mind is much sharper than a machine. Hence MAST is our security testing product that utilizes experienced security researchers to test vulnerabilities in your app.
- Remediation for Mobile Apps: Prioritize remediation with a research-driven security evaluation guided by OWASP security standards. Appknox remediation framework is designed to help development teams understand and remediate vulnerabilities without slowing down on SDLC.
Build and deploy world-class mobile apps for your organizations at scale and leave your mobile app security to us.