DerScanner - Static Application Security Testing by DerSecure Ltd. DerScanner can detect vulnerabilities and undocumented features in both app source code and binary executables and then provide detailed recommendations for developers and cybersecurity officers. It can be integrated with various IDEs, CI/CD servers and issue tracking systems. Binary code decompilation and deobfuscation technologies enable DerScanner to analyze executables, including those for Google Android, Apple iOS, and Apple macOS. To check a mobile app, a user just needs to copy a relevant Google Play or App Store link to the analyzer in order to see analysis findings based on the reconstructed source code. Vulnerabilities are detected using search rules once the Fuzzy Logic Engine completes analyzing and stops running. SCA technology can help reveal vulnerabilities in not only a company’s inhouse code, but also freeware and third-party library components. DerScanner has algorithms for the automatic search for undocumented features. These algorithms are based on our own permanently updated knowledge base. Undocumented features are detected by their basic structures, such as hard-coded accounts, hidden network activity, time bombs, etc. The presence of such basic structures may point to a more complex backdoor in the app. The binary code deobfuscation and decompilation functionality of DerScanner enable the detection of vulnerabilities and undocumented features in legacy and custom apps, including those interacting with third-party components used to reduce development time (such as freeware, pre-written codes from Internet, modules, and libraries). DerScanner can compare the results of completed checks and generate various diagrams to vividly show how vulnerabilities or undocumented features are emerging and eliminated, including breakdown by project group. In addition, the system takes into account typical code writing changes, while also monitoring vulnerabilities or undocumented feature