About SaqTech

SaqTech provides independent security analysis across four domains: mobile applications, web applications, network traffic, and API endpoints. We use automated tooling to identify vulnerabilities at scale.

The Suite

SaqMobile performs static analysis on Android APKs — decompiling the app and checking 11 categories including manifest security, hardcoded secrets, WebView configuration, cryptography, and data storage.

SaqScan analyzes web applications for TLS configuration, security headers, cookie flags, information disclosure, and server hardening.

SaqTraffic intercepts network traffic via mitmproxy to inspect API calls for authentication flaws, data exposure, and insecure transport across 8 check categories.

SaqAPI reads captured traffic and actively probes API endpoints for injection, broken authentication, rate limiting, and OWASP API Top 10 vulnerabilities.

Scoring

Each target receives a score from 0 to 100 based on the severity and quantity of findings. Scores are weighted: critical findings carry the most penalty, while informational findings carry none. All four tools share the same scoring model for consistency.

Responsible Disclosure

We follow responsible disclosure practices. Developers are contacted before any report is published and given a minimum 90-day window to address findings. We do not perform active exploitation or access backend systems beyond what our tools probe — all analysis targets publicly available artifacts and endpoints.

Contact

For questions about our research or to request a security assessment, contact us at research@saqtech.com.