HCLSoftware has been on a mission to relentlessly innovate HCL AppScan Portfolio and align it to the changing needs of the market. Continuing with that approach, we have transitioned the scanning solution for “mobile applications” to a new approach which is a combination of testing technologies on both the client-side applications and the backend application/service. Take a moment to read Eitan Worcel’s blog on securing all parts of your mobile application.
Application security testing must cover the complete solution to be effective. AppScan’s breadth of language support (including mobile) in SAST and our new support for IAST security testing provide better coverage for the entire solution, whether the client is running their application on a browser, desktop, or mobile OS. In the past, the adoption of frameworks that abstracted the device-specific capabilities limited the ability of our apk and ipa scanning (mobile analyzer) to provide broad coverage for our customers.
For these reasons, in 2020, AppScan invested in broad mobile language coverage in our static scanning and transitioned our mobile client scanning capability to use SAST in the AppScan on Cloud service in November 2020. This also meant that all *new* subscriptions since that date no longer offered the scanning of apk or ipa files. For subscriptions that commenced prior to November 2020, organizations were permitted to continue to leverage the apk and ipa scanning. Coming in October 2021, AppScan’s mobile scanning capability will transition to this new SAST approach for *all* users. Organizations that currently have access to the mobile analyzer technology may continue to scan apk and ipa files until 30th September 2021.
AppScan on Cloud subscriptions entitle organizations to SAST and DAST. Both technologies allow you to implement application security testing at different points in your development lifecycle or pipeline. AppScan on Cloud also has a broad set of integrations with the popular IDEs and CI/CD tools. SAST scanning makes it easy to add the scanning of your mobile application code early in the pipeline.
Using SAST to scan your mobile client leverages the same tools you may already use for SAST with your web or desktop applications. If you are not familiar with using SAST, here are some videos on how to perform SAST scanning on AppScan on Cloud.
To learn more, see the videos below or check out our YouTube channel, This is AppScan:
Creating a SAST scan via AppScan Go! for a mobile client project.
Creating a SAST scan using AppScan Go! config with Jenkins.
Nice article about mobile applications.