DOCS

DOCUMENTATION, GUIDES & WALKTHROUGHS

Creating an account

To create an account, register with your email address, a username and a password.

You will then receive a verification e-mail with a link, which you will need to follow in order to complete your account setup.

Once verified, you will be able to log in and choose your plan. We currently have four subscription plans to choose from:

Plan  | Monthly cost* | Monthly scanning time
Micro | FREE          | 30 minutes**
Mini  | £15           | 5 hours
Midi  | £200          | 100 hours
Maxi  | £1000         | 1000 hours

*Plans are billed every 30 days.

**Free minutes are capped across all users of REX.

If you have needs which are not met by one of these plans, please get in touch.

Getting started

There are multiple ways to use REX and you are free to use any depending on your needs and current setup:

If you don't have an APK to use, or want to test it out with an example APK first, feel free to use one of the examples below:

Web Application

Using the web frontend for REX is the easiest way to perform a scan.

Log in

Log in to REX here using your username and password. If you have forgotten your password, please contact us at rex@digitalinterruption.com.

Dashboard

Once you’ve logged in, you’ll be presented with your dashboard.

UPLOAD

This is where you can upload an application to scan.

Either click on the upload area and navigate to the APK you want to scan from your files, or drag the APK directly into the area. Once selected, the scan will run automatically. When the scan is completed, the results are displayed.

As well as viewing the results in the web app, you can download a PDF, which makes it easier to share findings. To do this, click Download Report on the individual report page.

Live chat

REX has a live chat feature which can be used for questions or feedback at any time. This is generally monitored live on weekdays 9:30-17:30 BST, but any requests can be submitted here and we will get back to you as long as contact details are provided.

API

Docs for using REX via the API can be found here.

Jenkins plug-in

Coming soon...

Reports

A report is available for each job (an individual scan of an APK). It is shown after a scan is run, and all reports are saved in the Reports tab within REX, available once you are logged in to your account.

Date created: The date the job was created on REX.

Job ID: The unique job identifier.

Name: The file name of the APK that was submitted for analysis.

Status: The current status of the job, one of:

  • Queued
  • Processing
  • Complete
  • Complete With Errors
  • Failed

Issues: The number of potential security issues found from the scan.

Time taken: The time taken to complete the scan.

Size: The size of the APK file uploaded into REX.

MD5: The MD5 checksum of the APK that was submitted for analysis.

SHA1: The SHA-1 checksum of the APK that was submitted for analysis.

SHA256: The SHA-256 checksum of the APK that was submitted for analysis.

Issues

Severity

Severity is the risk of the vulnerability, and issues are ranked on a scale of 1-20 with 1 being the most critical, and 20 being the least.

  • Critical: 1-4 – high risk vulnerability, should be fixed immediately
  • High: 5-9
  • Medium: 10-14
  • Low: 15-19
  • Informational: 20 – bad practice, but not posing any immediate security risk

Confidence

Confidence is how sure REX is that the vulnerability exists. Unfortunately no scanner is completely free from false positives.

  • High: 1 - There is no doubt the report is correct.
  • Medium: 2 - The report is correct, but its impact may not be as severe as described.
  • Low: 3 - The tests have flagged the issue, but it may be a false-positive.
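
The severity and confidence scales above combined into a release-gate triage, as an added example that is not REX's own code. The `Finding` record, the sample data and the blocking policy (Critical or High severity reported with High or Medium confidence) are assumptions made for illustration.

```python
from dataclasses import dataclass

# Bands as listed on this page. Lower numbers are MORE severe / MORE certain.
SEVERITY_BANDS = [(1, 4, "Critical"), (5, 9, "High"), (10, 14, "Medium"),
                  (15, 19, "Low"), (20, 20, "Informational")]
CONFIDENCE_LABELS = {1: "High", 2: "Medium", 3: "Low"}

@dataclass(frozen=True)
class Finding:
    """Hypothetical record for this example; not REX's report or API schema."""
    title: str
    severity: int    # 1-20, 1 is the most critical
    confidence: int  # 1-3, 1 is the most certain

def severity_band(score):
    for low, high, name in SEVERITY_BANDS:
        if low <= score <= high:
            return name
    raise ValueError(f"severity {score!r} is outside the 1-20 scale")

def confidence_label(level):
    if level not in CONFIDENCE_LABELS:
        raise ValueError(f"confidence {level!r} is outside the 1-3 scale")
    return CONFIDENCE_LABELS[level]

def triage(findings, max_severity=9, max_confidence=2):
    """Return (blocking, review), each sorted most urgent first.

    Assumed policy: block on Critical/High (score <= 9) reported with High or
    Medium confidence (level <= 2). Both tests are "<=" because the scales are
    inverted; ">=" would block on the least serious findings instead.
    """
    for f in findings:  # reject out-of-range scores before comparing them
        severity_band(f.severity)
        confidence_label(f.confidence)
    ordered = sorted(findings, key=lambda f: (f.severity, f.confidence))
    blocking = [f for f in ordered
                if f.severity <= max_severity and f.confidence <= max_confidence]
    review = [f for f in ordered if f not in blocking]
    return blocking, review

# Constructed sample findings; titles and scores are illustrative only.
SAMPLE = [Finding("finding-a", 20, 1), Finding("finding-b", 2, 1),
          Finding("finding-c", 7, 3), Finding("finding-d", 6, 2)]

if __name__ == "__main__":
    blocking, review = triage(SAMPLE)
    for tag, group in (("BLOCK", blocking), ("REVIEW", review)):
        for f in group:
            print(tag, severity_band(f.severity), confidence_label(f.confidence), f.title)
```

The High-severity, Low-confidence sample lands in the review list rather than the blocking list, which matches the page's note that a Low-confidence result may be a false positive.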

Types

Each issue has an overview, or summary, on the main report page. By clicking 'View Details' a user can see a more detailed description of the issue, along with examples of vulnerable and safe code to help them make changes to their own code.

CVSSv3 Vector: CVSSv3 stands for Common Vulnerability Scoring System version 3.0. The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability, and produce a numerical score reflecting its severity, as well as a textual representation of that score. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical). REX users can click on the CVSSv3 Vector to learn more about this score.

Classification: This is the Common Weakness Enumeration type - CWE is a community-developed list of software and hardware weakness types. Clicking on this classification will take a user to the CWE page for that type.

Settings

Change password

Use the form to change your REX account password.

API Key

Use your API key for REX API calls. Regenerate the API key as needed.