AppCheck for Heartbleed vulnerability

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. AppCheck performs a static analysis on your application or embedded systems firmware to determine if vulnerable versions of OpenSSL are included in your software package for both client and server side applications.


Supported applications

AppCheck can scan embedded system firmware images, applications for Microsoft Windows, Apple Mac OS X, Linux, and many other desktop and server platforms, and unencrypted mobile applications for Android, iOS and Blackberry platforms.

The free edition of the AppCheck limits upload sizes to 200 MB. If you need to scan bigger applications or firmware images, contact us.

What is AppCheck?

Codenomicon AppCheck is a security-focused application composition analysis scanner. What makes it unique is that it operates purely on provided binary images or compiled applications. No source code is required. Results of the composition analysis include identification of third party code and libraries included within the scanned software, vulnerabilities in the third party code that could be exposed in the scanned software, and software licenses such as AGPL, BSD, GPLv2, GPLv3 and LGPL associated with the third party code that may have implications for the whole software package.

AppCheck is non-destructive binary static analysis that determines what third party code and libraries are found either statically or dynamically linked inside the scanned software package. This is especially helpful in determining whether you're vulnerable to bugs such as Heartbleed (CVE-2014-0160, especially in cases where you either cannot run dynamic tests against your systems, or are afraid that active vulnerability scanning might have adverse effects on your system.