KOR

FAQ

Frequently Asked Questions
Answer to Common Questions
FAQ Visual Filter
Analysis
Q.
How to reduce the analysis time?

A

While reducing analysis time is possible, it can impact results. Shortening the analysis may lead to detecting fewer vulnerabilities. Here are ways to reduce analysis time:

Dynamic Analysis:
1. URL Crawling Depth: Set to “”low”” to analyze fewer linked pages.
2. DOM Crawling Depth: Limit the depth of exploration within each page.
3. Event Performance per Page: Reduce the number of simulated events to analyze.

Static Analysis:
1. Checker Selection: Choose specific checkers instead of running all available ones.
2. Code Scope: Narrow down the codebase for analysis to focus on specific areas.

Dynamic Analysis
Q.
Can I perform dynamic analysis on any websites?

A

No. Sparrow Cloud’s dynamic analysis safeguards against misuse by verifying ownership of the servers used for analysis. To enable this, simply copy the provided project key file from Sparrow Cloud and place it in the designated directory (the target server’s root directory). For projects without the project key files in the designated directory, dynamic analysis will not be performed.

License
Q.
How can I purcahse a license?

A

A license is required to use Sparrow Cloud. If you would like to purchase a license:
1. Log in to your Sparrow Cloud account.**
2. Head to the Purchase menu at the top.
3. Choose the license that best suits your needs.
4. Review your order details on the right, carefully read the terms and conditions, and tick the box to agree.
5. Click the Order button and proceed with your preferred payment method.

Miscel.
Q.
Is my uploaded source code safe?

A

Sparrow Cloud securely manages your uploaded source code and never accesses it. You can delete your code directly at any time. Additionally, for inactive accounts, the code will be automatically deleted after one year.

Miscel.
Q.
What is the difference between Sparrow’s on-premise solution and Sparrow Cloud?

A

The biggest difference is that Sparrow Cloud does not require any installation. While its analysis features are nearly identical, the on-premises version boasts a wider range of functionalities. For instance, it offers management features, customization capabilities, detailed statistics, customer checkers, and even C/C++ language support, just to name a few.

Dynamic Analysis
Q.
What is the project key and where should I place the key file?

A

To confirm ownership of the application you’re analyzing, place the project key file provided by Sparrow Cloud in your domain’s root directory.

Static Analysis
Q.
What programming languages are supported for static analysis?

A

Sparrow Cloud currently supports the following 17 programming languages:
Java, JSP, C#, XML, PHP, ASP.NET, VB.NET, JavaScript, VBScript, Android Java, Objective-C, HTML, SQL, ABAP, Python, Swift, Kotlin.