Security Issues Types
Each app in the Scan & Secure portal list several pieces of information, including the following items:
- App Issues
- Security & Privacy issues of the mobile app
- OSS/SDKs
- Shows all Open Source Software and 3rd Party SDKs embedded in the app. Any OSS/SDK with a security or privacy issue will be listed in the top half of the screen titled “SDK Issues”. If an OSS/SDK is listed in the bottom half of the screen, it is embedded in the app, but there are no current issues associated with it.
- TrustKit
- Enumerates all the current TLS attacks on your app, which includes TLS sessions from the mobile client to server side APIs. If the UI shows “No TrustKit Data”, please embedded the TrustKit library in passive mode asap.
- Insights
- This tab also known as the “pen-tester” tab, which shows various insights of the mobile app that is often interesting data for developers/security teams and pen-testers. One common item to review is the Server Side Endpoints and permissions, to ensure items listed in those two categories is what both the security and developer teams expect.
- Security Metric Cards
- If an app has not enabled a full Enterprise subscription, security metrics will always be available free-of-charge. For example, if an app only has the Priority Alerts subscription, the number of issues the app has on Baseline or Enterprise subscriptions will be shown on the “Security Metric Cards” for each app (free-of-charge).