Onsite appliances
On-site Corellium server and desktop appliances use the latest Arm processors. Appliances can be air-gapped for use in high-security locations.
We run on Arm, others don’t
We pioneered Arm device virtualization for real-world mobile app security testing.
Ditch device labs and emulators
Stop asking your security teams to manage endless physical device and OS combinations.
-
Replace costly, incomplete, and undependable physical device labs or cloud farms.
-
Achieve Arm-native performance, accuracy and device behavior that emulators can’t.
-
Run production code and eliminate code modifications and recompiles that emulators often require.
-
Enable never-before-possible dynamic app security testing (DAST).
Save valuable time
Eliminate the mundane aspects of mobile app pentesting with our purpose-built tooling.
-
Spin-up device models and OSs on-demand, including beta releases, with one-click jailbreak/root access.
-
Use pre-integrated functionality like filesystem read-write, SSH, FRIDA, and Cydia.
-
Easily control sensors like battery, GPS, and motion sensors to simulate real-world conditions.
-
Snapshot and clone device states to simplify reproducibility, record bugs, and audit test procedures.
Use advanced mobile app security tools
Our security tools are purpose-built by security experts.
-
Easily monitor and trace system calls and processes.
-
Enable real-time traffic monitoring with network interception tooling.
-
Bypass mobile security controls, certificate pinning, jailbreak, and root detection.
-
Simplify iOS and Android reverse engineering and mobile app patching.
- Use usbmux-compatible tools with our virtual devices as drop-in replacements for physical phones with our USBFlux utility.
Leverage MATRIX™ automation
Accelerate security testing and AppSec compliance with our MATRIX automation technology.
-
Quickly generate security assessment reports for iOS and Android apps as often as needed.
-
Add continuous app security testing to your software DevSecOps pipelines.
-
Integrate with Github, Azure DevOps, CircleCI, and others to run parallel tests at scale.
- Use our APIs or Terraform provider to automate device creation, configuration, and testing matrices.
Comprehensive penetration testing
Corellium provides a powerful and polished user interface with built-in security tools for root access, forensic analysis, filesystem manipulation, Frida scripting, SSL/TLS stripped network monitoring, application debugging, and much more. A comprehensive API and USBFlux technology enables integration with leading development and security tools such as Xcode, Android Studio, IDA Pro, Frida, and Burp Suite.
Increase team efficiency
Our business solutions streamline security and developer team processes.
-
Snapshot and share virtual devices across teams to accelerate collaboration and remediation.
-
Use project team functionality to allow admins to manage projects, resources, and permissions for specific users and teams.
-
Enable more effective, hands-on mobile security team training.
Technical capabilities
-
Easily spin-up near limitless combinations of iOS and Android device, OS and mobile apps
-
Gain device root access, no need to apply additional code or tools
-
Test mobile apps on any OS version; jailbroken, rooted or not
-
Test enterprise mobile apps (IPAs and APKs)
-
Network traffic interception and SSL/TLS stripping
-
Integration with Burp Suite, Charles Proxy, and Frida
- Browse the device’s file system - download and forensically examine files
-
Research and test new and known exploits
-
Control device sensors, GPS location, and device IDs
-
Script and API capabilities to automate testing
Test lab flexibility
Not all security labs and testers have the same needs. We know that Corellium is built by security experts for security experts.
Cloud service
The Corellium cloud service is hosted on AWS, using AWS Graviton servers. Private AWS servers are also available.