Introduction
As mobile applications become central to enterprise services and digital transformation, attack techniques targeting mobile apps continue to grow in sophistication. Quokka Q-MAST provides automated mobile application security and privacy testing without requiring access to source code, enabling organizations to quickly identify potential risks in Android and iOS applications while supporting compliance with modern security standards and regulations.
Quokka combines static and dynamic analysis to detect unauthorized API calls, sensitive data exposure, weak encryption implementations, and reverse engineering risks. The platform automatically maps findings to OWASP Mobile Top 10 vulnerabilities, generating comprehensive risk assessment reports and actionable remediation guidance. It integrates seamlessly with existing DevOps tools and CI/CD pipelines, allowing development teams to strengthen application security throughout the development and delivery lifecycle.
With Quokka App black-box testing, organizations can proactively address rapidly evolving mobile threats, identify and manage vulnerabilities early, and reduce the risk of exploitation. Whether used for internal audits, pre-release testing, or security evaluation of published applications, Quokka delivers efficient and in-depth mobile security testing — strengthening governance, compliance, and application resilience across diverse threat scenarios.
Features / strengths
• Cloud-based platform requiring no additional hardware
Leverage a cloud-based platform to perform security testing without the need to set up additional test servers or prepare physical devices such as phones and tablets. Efficiently perform security assessments for Android and iOS applications, reducing setup and maintenance costs. The platform also supports seamless integration with DevOps workflows and CI/CD tools, enabling automated testing and enhancing software delivery quality.
• Transparent compliance reporting with complete testing evidence
Provides comprehensive reports of both passed and failed tests, ensuring high transparency and auditability. Supports key mobile app security standards, including NIAP, NIST, OWASP, GDPR, and other international security and privacy regulations, helping security teams quickly verify, respond to audit requirements, and strengthen application security protection.
• Automated security analysis without source code access
Supports Android and iOS mobile applications by combining static and dynamic analysis techniques. Complete and in-depth security testing can be performed even without access to the source code, significantly lowering the entry barrier for deployment.
• Flexible automated testing to maintain regulatory compliance
Built-in multiple security and privacy compliance checks allow enterprises to customize testing strategies and assessment items according to actual needs. Ensure applications comply with internal security policies and external regulations, enhancing mobile app security defenses and overall compliance posture.
Specification in detail
For details, please see the product webpage description
https://www.gss.com.tw/product-services-nav/info-security/quokka