Does anyone have any suggestions on how to approach the security testing of mobile apps accross all kinds of platforms?
Is there a solution in the appscan suite, or in the foreseeable future?
And a happy new year to you
This topic has been locked.
1 reply Latest Post - 2013-01-04T21:53:25Z by warrenm1
Pinned topic Scan mobile apps
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
Updated on 2013-01-04T21:53:25Z at 2013-01-04T21:53:25Z by warrenm1
warrenm1 270001F39C224 PostsACCEPTED ANSWER
Re: Scan mobile apps2013-01-04T21:53:25Z in response to SystemAdminHi,
Both Appscan Standard and Enterprise now contain User agent headers to emulate mobile browsers in their Explore Options.
Additionally if you had particular applications the automatic explore had issues covering in Appscan Standard you could also proxy in HTTP traffic from external sources by adding a registry key as follows:
-Navigate to HKEY_CURRENT_USER\Software\IBM\Rational AppScan\Communication\Proxy
-Create a new registry key of type String Value named IPAddr and set the value to 0.0.0.0 (or any other IP address you want Rational AppScan Standard proxy to listen)
NOTE: When the value of IPAddr registry key is set to 0.0.0.0, Rational AppScan Standard proxy will listen to all the traffic on it's network. It's recommended to configure an actual IP address instead.
If you open a manual explore in appscan you will open the proxy port listed in Tools/Options - and configure your external device/source to go through that proxy, when you close the manual explore window that traffic will be captured and you can run a test phase against it.