API for your SDLC. Сheck your Apps before release!

Good news everyone!
Now we have API, and there are a few words about why to use it and how.
It's not a surprise that cost of fix depends on development stage, and patches for a released software are used to be the most expensive.

And HackApp has not been able to help with it. Today we are happy to present API, which can be scripted into your SDLC.

API is simple and has 3 actions:

1. Add application , 
2. Check status,
3. Get Report .

Also we have a nice web page to explore uploaded apps :)

Add Application

There is a request to upload an app:

curl    --form "file=@%path_to_app_bundle%" https://hackapp.com/api/addapp  --form "secret=%secret_key%" -k

• %path_to_app_bundle% - path to app file on your filesystem
• %secret_key% - your API authentication key, how to get it you can read futher.

if everything is ok, you'll get response:

{"action": "add_app", "details": "", "app_hackapp_id": "%app_hackapp_id%", "app_id": "%app_id%", "result": "success"}

• %app_id% - name of your app.
• %app_hackapp_id% - app id in HackApp, you will need it, to check status, or get report.

Check status

Request to get status of already added app:

curl    --form "secret=%secret_key%" https://hackapp.com/api/appstatus  --form "app_hackapp_id=%app_hackapp_id%" -k

if everything is fine, you will get:

{"app_status": "done", "app_hackapp_id": "%app_hackapp_id%", "app_id": "%app_id%", "result": "success", "details": ""}

• "result": "success"  -  your app is analysed and you can get report.

Get report

To get report:

curl    --form "secret=%secret_key%" https://hackapp.com/api/appreport  --form "app_hackapp_id=%app_hackapp_id%" -k

you will get JSON object. There is an explaining example:

{"com.idar.visupay":    # App name

{

"bugs": {  # Hash Array  where key is bug ID

"ios_ssp": [{"bug_file": "Payload/VISUPAY.app/VISUPAY", 

"bug_details": "", 

"bug_fix": "This can be achieved by specifying the \"--fstack-protector-all\" compiler flag", 

"bug_name": "Stack Smash protection disabled", 

"bug_file_id": "c9dd3255eed4a5a3d6a6ca5e00408e07", 

"bug_false_positive": 0, 

"bug_id": "ios_ssp", 

"bug_desc": "Compilation without stack protection can lead to malicious code execution", 

"bug_level": "medium"}], 

...

"desc": { # Hash Array with app details

                         "ver": "2.0.001", 

"perms": ["Storage in KeyChain"], 

"min_ios": "4.3", 

"uri": ["fb321971781207651://"], 

"drm": null, 

"store": "appstore" 

}

}

}

Apps' List

To get list:

curl    --form "secret=%secret_key%" https://hackapp.com/api/appreport  --form "app_hackapp_id=%app_hackapp_id%" -k

you will get JSON object. There is an example:

[{"app_status": "done", "app_hackapp_id": "9a7630baf742cc0583ba87aacbf6a9e6", "app_id": "com.idar.visupay"}, {"app_status": "done", "app_hackapp_id": "4bb60e00e7f5c17d891a72f03ccd1bbd", "app_id": "air.ru.mail.games.pokerarena"]}

GUI

There is a cute page to represent API activity 

by clicking here you'll get a list of all added apps 

... and there is a special button to get your current API secret key. Sure thing, you can change it, if you think someone else uses it ;)

API is available in PRO version. 

To enjoy a free trial, please contact info@hackapp.com.