Does anyone have any suggestions on how to approach the security testing of mobile apps accross all kinds of platforms?
Is there a solution in the appscan suite, or in the foreseeable future?
And a happy new year to you
warrenm1 270001F39C224 Posts
Re: Scan mobile apps2013-01-04T21:53:25ZThis is the accepted answer. This is the accepted answer.Hi,
Both Appscan Standard and Enterprise now contain User agent headers to emulate mobile browsers in their Explore Options.
Additionally if you had particular applications the automatic explore had issues covering in Appscan Standard you could also proxy in HTTP traffic from external sources by adding a registry key as follows:
-Navigate to HKEY_CURRENT_USER\Software\IBM\Rational AppScan\Communication\Proxy
-Create a new registry key of type String Value named IPAddr and set the value to 0.0.0.0 (or any other IP address you want Rational AppScan Standard proxy to listen)
NOTE: When the value of IPAddr registry key is set to 0.0.0.0, Rational AppScan Standard proxy will listen to all the traffic on it's network. It's recommended to configure an actual IP address instead.
If you open a manual explore in appscan you will open the proxy port listed in Tools/Options - and configure your external device/source to go through that proxy, when you close the manual explore window that traffic will be captured and you can run a test phase against it.