Usage in the UI

Our MATRIX solution is designed to help you identify and address security issues with your apps. This approach reduces the risk of security vulnerabilities in the virtualized mobile devices, providing a more secure experience for end-users.

Create a Virtual Device and Install your App

If you want to use MATRIX via the UI, start by creating a device, then installing your app. To automate your virtual device and application management, you can use our CLI or our various SDKs.

info

On Android, you need to manually adjust the device to use 4 cores and 4 GB of RAM. During the creation process, select the "Set advanced boot options" checkbox to adjust the number of CPU cores and the amount of RAM on the Android device before running the tests. This adjustment is only needed when using MATRIX through the UI. You can see how to configure this in CPU and RAM Settings.

Create a Test

Once the device is ready, click the "MATRIX" tab on the left. Previously run MATRIX tests appear here; this is known as the History page. To begin a new MATRIX test, click "New test".

Select the desired application you want to test from the list of installed applications or install a new app. We'll be running a MATRIX test against the Corellium Cafe application.

After the app has been selected and you've pressed the "Continue" button, you can optionally upload a "keywords" text file. This is a newline-separated list of keywords that are case sensitive and will be used to search for vulnerabilities in the application. This could include things like known credentials, API keys, or other sensitive information. To specify regular expressions (regexes) in your keywords .txt file, wrap them in regex(/.../). For instance, to find all credit card numbers that start with “1234,” create a new line in the .txt file that says regex(/^1234/).

info

Please review our Known Issues MATRIX page to find out whether your iOS device supports regex.
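
A pre-upload lint and local dry run for a keywords file in the format described above, added here as an illustration and not Corellium's own code. The function names and sample values are constructed, and Python's `re` dialect is an assumption standing in for whatever regex engine MATRIX uses.

```python
import re

# The regex(/.../) wrapper described above; the text between the outer slashes is the pattern.
WRAPPER = re.compile(r"^regex\(/(.*)/\)$")

def parse_keywords(text):
    """Split keywords-file text into (literals, compiled regexes, lint warnings)."""
    literals, patterns, warnings = [], [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            warnings.append(f"line {lineno}: blank line")
            continue
        if entry != raw:
            # The page does not say how surrounding whitespace is treated, so flag it.
            warnings.append(f"line {lineno}: leading/trailing whitespace")
        m = WRAPPER.match(entry)
        if m:
            try:
                # Assumption: Python's regex dialect stands in for the tool's.
                patterns.append(re.compile(m.group(1)))
            except re.error as exc:
                warnings.append(f"line {lineno}: invalid regex ({exc})")
        else:
            if entry.startswith("regex("):
                warnings.append(f"line {lineno}: not in regex(/.../) form, kept as a literal")
            literals.append(entry)
    return literals, patterns, warnings

def find_hits(literals, patterns, data):
    """Entries found in data; literal keywords are compared case-sensitively."""
    hits = [kw for kw in literals if kw in data]
    hits += [p.pattern for p in patterns if p.search(data)]
    return hits

# Constructed sample file: placeholder values only, with three deliberate mistakes.
SAMPLE_KEYWORDS = "hunter2-demo\nregex(/^1234/)\nregex(/[0-9/)\n\nAPI_KEY_DEMO \n"
# Constructed sample of captured app data.
SAMPLE_DATA = "1234567890123456 sent with api_key_demo and hunter2-demo"

if __name__ == "__main__":
    lits, pats, warns = parse_keywords(SAMPLE_KEYWORDS)
    print("\n".join(warns))
    print(find_hits(lits, pats, SAMPLE_DATA))
```

The case-sensitive literal `API_KEY_DEMO` does not match the lowercase `api_key_demo` in the sample data, which is the kind of miss worth catching before uploading the file.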

When you press the "Save & continue" button, MATRIX proceeds to the monitoring stage, where you can perform the interactions with the device.

Monitor and Collect Data

Once you've created your test, begin collecting data from your virtual device by clicking "Start monitoring". You do not need to start the target application manually; the app is launched automatically after you click "Start monitoring". After monitoring has begun, the app will be automatically rebooted.

While monitoring is in progress, perform all the desired interactions with the application. When you've finished, click the "Stop monitoring" button to stop collecting data. After stopping the monitor, the app will be automatically rebooted again.

When the monitoring stops, you will have to click Continue to run the test.

Run the Test

Once the monitoring is complete, you'll be able to run the test, which includes the checks and artifacts. Click the "Run test" button to begin.

The test will run automatically from there. Once complete, you'll be able to view the results.

View the Results

Finally, you can view your report! In our UI, the report will have detailed information about the test you just completed. The reporting interface is broken down into five sections.

Summary gives you a high-level overview of how many items passed, failed, errored, or are not applicable.

Metadata gives you detailed information about the test and your target app. This includes the App name, AppID, App version, TestID, Test date, Sensitive values (if one was used), Corellium version, Created by, and Last modified by.

Checks shows which Checks were run, as well as each one's Description, Status, Severity, Impact, Remediation, Compliance mapping, and Evidence (if the check failed). Click here for more details about Checks.

Artifacts shows which artifacts were run, as well as each one's Description, Status, Compliance, and Output (if applicable). Click here for more information about Artifacts.

Activity gives you detailed information about changes to the report. You can filter by Date, User, Event, Item, and keywords.

Alternatively, you can download the report as a JSON or HTML file by clicking the three dots in the top right corner of the results page. You can learn more about these formats on the Reporting page. You can filter the results by category, test status, and severity.

info

In a future version of MATRIX, we intend to allow you to customize the status and severity of a check’s results to allow you to identify false positives, or tailor the results to your organization's security profile.

History and Retesting

You can view the results of your historical MATRIX tests and retest apps as needed. The MATRIX test history can be viewed whether the device is on or off. Click the "View History" button to view your previously run tests. For more details, visit the History page.