Tuesday, 20 May 2014

API for your SDLC. Check your Apps before release!

Good news everyone!
We now have an API, so here are a few words on why and how to use it.
It is no surprise that the cost of a fix depends on the development stage, and patches for released software tend to be the most expensive.

Until now, HackApp has not been able to help with that. Today we are happy to present an API that can be scripted into your SDLC.

The API is simple and has 3 actions:

  1. Add application,
  2. Check status,
  3. Get report.
Also we have a nice web page to explore uploaded apps :)

Add Application

This request uploads an app:

curl --form "file=@%path_to_app_bundle%" https://hackapp.com/api/addapp --form "secret=%secret_key%" -k

  • %path_to_app_bundle% - path to the app file on your filesystem.
  • %secret_key% - your API authentication key; how to get it is described further below.
  • -k - curl's option to skip TLS certificate verification; with it the secret key is sent to a server whose identity has not been checked, so leave it out wherever the certificate validates.

If everything is OK, you'll get this response:

{"action": "add_app", "details": "", "app_hackapp_id": "%app_hackapp_id%", "app_id": "%app_id%", "result": "success"}

  • %app_id% - name of your app.
  • %app_hackapp_id% - app ID in HackApp; you will need it to check the status or get the report.

Check status

Request to get the status of an already added app:

curl --form "secret=%secret_key%" https://hackapp.com/api/appstatus --form "app_hackapp_id=%app_hackapp_id%" -k

If everything is fine, you will get:

{"app_status": "done", "app_hackapp_id": "%app_hackapp_id%", "app_id": "%app_id%", "result": "success", "details": ""}

  • "result": "success" - your app is analysed and you can get the report.

Get report

To get the report:

curl --form "secret=%secret_key%" https://hackapp.com/api/appreport --form "app_hackapp_id=%app_hackapp_id%" -k

You will get a JSON object. Here is an annotated example:

{"com.idar.visupay":    # App name
  {
    "bugs": {  # Hash array where the key is the bug ID
      "ios_ssp": [{"bug_file": "Payload/VISUPAY.app/VISUPAY",
        "bug_details": "",
        "bug_fix": "This can be achieved by specifying the \"--fstack-protector-all\" compiler flag",
        "bug_name": "Stack Smash protection disabled",
        "bug_file_id": "c9dd3255eed4a5a3d6a6ca5e00408e07",
        "bug_false_positive": 0,
        "bug_id": "ios_ssp",
        "bug_desc": "Compilation without stack protection can lead to malicious code execution",
        "bug_level": "medium"}],
      ...
    "desc": {  # Hash array with app details
      "ver": "2.0.001",
      "perms": ["Storage in KeyChain"],
      "min_ios": "4.3",
      "uri": ["fb321971781207651://"],
      "drm": null,
      "store": "appstore"
    }
  }
}
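
To script this report into a release step, here is an added example (not HackApp's own code) that turns the JSON above into a pass/fail exit code. The function names, the "low"/"high" levels, and the reading of a nonzero bug_false_positive as "ignore this finding" are assumptions; the page only shows "medium" and 0.

```python
import json

# Assumed severity order; the page's report only shows "medium".
LEVELS = {"low": 1, "medium": 2, "high": 3}

# Constructed sample in the report's shape. Only ios_ssp comes from the page;
# the two "constructed_*" entries are made up to exercise the filter.
SAMPLE_REPORT = json.dumps({"com.idar.visupay": {"bugs": {
    "ios_ssp": [{"bug_file": "Payload/VISUPAY.app/VISUPAY", "bug_id": "ios_ssp",
                 "bug_level": "medium", "bug_false_positive": 0}],
    "constructed_fp": [{"bug_file": "Payload/VISUPAY.app/Info.plist",
                        "bug_id": "constructed_fp", "bug_level": "high",
                        "bug_false_positive": 1}],
    "constructed_low": [{"bug_file": "Payload/VISUPAY.app/VISUPAY",
                         "bug_id": "constructed_low", "bug_level": "low",
                         "bug_false_positive": 0}]},
    "desc": {"ver": "2.0.001", "store": "appstore"}}})

def blocking_findings(report_json, threshold="medium"):
    """Findings at or above threshold that are not marked false positive."""
    report = json.loads(report_json)
    if not isinstance(report, dict) or not report:
        raise ValueError("report is not a JSON object keyed by app name")
    floor = LEVELS[threshold]
    found = []
    for app_id, body in report.items():
        bugs = body.get("bugs") if isinstance(body, dict) else None
        if not isinstance(bugs, dict):
            # Fail closed: an error reply or truncated report must not pass.
            raise ValueError(f"{app_id}: no 'bugs' object in report")
        for bug_id, hits in bugs.items():
            for hit in hits:
                if hit.get("bug_false_positive"):
                    continue
                # Unknown levels rank highest so new values are never ignored.
                rank = LEVELS.get(hit.get("bug_level"), max(LEVELS.values()))
                if rank >= floor:
                    found.append((app_id, bug_id, hit.get("bug_level"), hit.get("bug_file")))
    return found

def gate(report_json, threshold="medium"):
    """Exit code for a CI step: 0 = release may proceed, 1 = blocked."""
    findings = blocking_findings(report_json, threshold)
    for app_id, bug_id, level, path in findings:
        print(f"BLOCK {app_id} {bug_id} [{level}] {path}")
    return 1 if findings else 0

if __name__ == "__main__":
    raise SystemExit(gate(SAMPLE_REPORT))
```

In a pipeline, feed gate() the body returned by the appreport request once appstatus reports "done".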

Apps' List

To get the list:

curl --form "secret=%secret_key%" https://hackapp.com/api/appreport --form "app_hackapp_id=%app_hackapp_id%" -k

You will get a JSON object. Here is an example:

[{"app_status": "done", "app_hackapp_id": "9a7630baf742cc0583ba87aacbf6a9e6", "app_id": "com.idar.visupay"}, {"app_status": "done", "app_hackapp_id": "4bb60e00e7f5c17d891a72f03ccd1bbd", "app_id": "air.ru.mail.games.pokerarena"}]

GUI

There is a cute page that shows API activity.

By clicking here you'll get a list of all added apps.

... and there is a special button to get your current API secret key. Sure thing, you can change it if you think someone else is using it ;)




The API is available in the PRO version.
To enjoy a free trial, please contact info@hackapp.com.











