HCL Software has been on a mission to relentlessly innovate HCL AppScan Portfolio and align it to the changing needs of the market. Continuing with that approach, we have transitioned the scanning solution for “mobile applications” to a new approach which is a combination of testing technologies on both the client-side applications and the backend application/service. Take a moment to read Eitan Worcel’s blog on securing all parts of your mobile application.

Application security testing must cover the complete solution to be effective. AppScan’s breadth of language support (including mobile) in SAST and our new support for IAST security testing provide better coverage for the entire solution, whether the client is running their application on a browser, desktop, or mobile OS. In the past, the adoption of frameworks that abstracted the device-specific capabilities limited the ability of our apk and ipa scanning (mobile analyzer) to provide broad coverage for our customers.

For these reasons, in 2020, AppScan invested in broad mobile language coverage in our static scanning and transitioned our mobile client scanning capability to use SAST in the AppScan on Cloud service in November 2020. This also meant that all *new* subscriptions since that date no longer offered the scanning of apk or ipa files. For subscriptions that commenced prior to November 2020, organizations were permitted to continue to leverage the apk and ipa scanning. Coming in October 2021, AppScan’s mobile scanning capability will transition to this new SAST approach for *all* users. Organizations that currently have access to the mobile analyzer technology may continue to scan apk and ipa files until 30th September 2021.

AppScan on Cloud subscriptions entitle organizations to SAST and DAST. Both technologies allow you to implement application security testing at different points in your development lifecycle or pipeline. AppScan on Cloud also has a broad set of integrations with the popular IDEs and CI/CD tools. SAST scanning makes it easy to add the scanning of your mobile application code early in the pipeline.

Using SAST to scan your mobile client leverages the same tools you may already use for SAST with your web or desktop applications. If you are not familiar with using SAST, here are some videos on how to perform SAST scanning on AppScan on Cloud. 


To learn more, see the videos below or check out our YouTube channel, This is AppScan:

Creating a SAST scan via AppScan Go! for a mobile client project.

Creating a SAST scan using AppScan Go! config with Jenkins.
