• 1 reply
  • Latest Post - 2013-01-04T21:53:25Z by warrenm1
403 Posts

Pinned topic Scan mobile apps

‏2012-12-20T15:21:09Z |
Does anyone have any suggestions on how to approach the security testing of mobile apps across all kinds of platforms?
Is there a solution in the AppScan suite, or in the foreseeable future?

And a happy new year to you
  • warrenm1
    224 Posts

    Re: Scan mobile apps


    Both AppScan Standard and Enterprise now contain User-Agent headers to emulate mobile browsers in their Explore Options.
    Additionally, if you had particular applications the automatic explore had issues covering in AppScan Standard, you could also proxy in HTTP traffic from external sources by adding a registry key as follows:
    - Navigate to HKEY_CURRENT_USER\Software\IBM\Rational AppScan\Communication\Proxy
    - Create a new registry key of type String Value named IPAddr and set the value to (or any other IP address you want Rational AppScan Standard proxy to listen on)
    NOTE: When the value of IPAddr registry key is set to, Rational AppScan Standard proxy will listen to all the traffic on its network. It's recommended to configure an actual IP address instead.
    If you open a manual explore in AppScan, you will open the proxy port listed in Tools/Options, and you can configure your external device/source to go through that proxy. When you close the manual explore window, that traffic will be captured and you can run a test phase against it.
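
A check for the NOTE in the reply above, as an added example that is not part of the original post or of AppScan itself: it reads the IPAddr value from the registry path given in the reply and confirms it names one address assigned to this machine rather than a broader binding. The `$ProxyPort` parameter is an assumption standing in for the port shown in Tools/Options.

```powershell
# Added example (not from the original post): audit the AppScan Standard proxy binding.
param(
    # Assumption: the proxy port shown in Tools/Options. 0 skips the listener check.
    [int]$ProxyPort = 0
)

# Registry location and value name as given in the reply above.
$keyPath = 'HKCU:\Software\IBM\Rational AppScan\Communication\Proxy'
$entry = Get-ItemProperty -Path $keyPath -Name 'IPAddr' -ErrorAction SilentlyContinue
$configured = if ($entry) { $entry.IPAddr } else { $null }

# Addresses actually assigned to this machine's interfaces (IPv6 scope ids stripped).
$localAddrs = Get-NetIPAddress | ForEach-Object { ($_.IPAddress -split '%')[0] }

$parsed = $null
if (-not $configured) {
    Write-Output "IPAddr is not set under $keyPath."
}
elseif (-not [System.Net.IPAddress]::TryParse($configured, [ref]$parsed)) {
    Write-Warning "IPAddr '$configured' is not a valid IP address."
}
elseif ($localAddrs -contains $parsed.ToString()) {
    Write-Output "Proxy is configured for one specific local address: $parsed"
}
else {
    Write-Warning ("IPAddr '$configured' is not an address assigned to a local interface. " +
        "Bind the proxy to one specific interface address, as the NOTE recommends.")
}

# Show what is really listening on the proxy port while a manual explore is open.
if ($ProxyPort -gt 0) {
    Get-NetTCPConnection -State Listen -LocalPort $ProxyPort -ErrorAction SilentlyContinue |
        Select-Object LocalAddress, LocalPort, OwningProcess
}
```

Run it once after setting the key and again with `-ProxyPort` while the manual explore window is open; remove the IPAddr value when external capture is no longer needed.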