start portlet menu bar

HCLSoftware: Fueling the Digital+ Economy

Display portlet menu
end portlet menu bar
Select Page

HCLSoftware has been on a mission to relentlessly innovate HCL AppScan Portfolio and align it to the changing needs of the market. Continuing with that approach, we have transitioned the scanning solution for “mobile applications” to a new approach which is a combination of testing technologies on both the client-side applications and the backend application/service. Take a moment to read Eitan Worcel’s blog on securing all parts of your mobile application.

Application security testing must cover the complete solution to be effective. AppScan’s breadth of language support (including mobile) in SAST and our new support for IAST security testing provides better coverage for the entire solution whether the client is running their application on a browser, desktop, or mobile OS. In the past, the adoption of frameworks that abstracted the device-specific capabilities limited the ability for our apk and ipa scanning (mobile analyzer) to provide broad coverage for our customers

AppScan Support LanguagesFor these reasons, in 2020, AppScan invested in broad mobile language coverage in our static scanning and transitioned our mobile client scanning capability to use SAST in the AppScan on Cloud service in November 2020. This also meant that all *new* subscriptions since that date no longer offered the scanning of apk or ipa files. For subscriptions that commenced prior to November 2020, organizations were permitted to continue to leverage the apk and ipa scanning. Coming in October 2021, AppScan’s mobile scanning capability will transition to this new SAST approach for *all* users. Organizations that currently have access to the mobile analyzer technology may continue to scan apk and ipa files until 30th September 2021.

AppScan on Cloud subscriptions entitles organizations to SAST and DAST. Both technologies allow you to implement application security testing at different points in your development lifecycle or pipeline.  AppScan on Cloud also has a broad set of integrations with the popular IDEs and CI/CD tools.  SAST scanning makes it easy to add the scanning of your mobile application code early in the pipeline. 

Using SAST to scan your mobile client leverages the same tools you may already use for SAST with your web or desktop applications. If you are not familiar with using SAST, here are some videos on how to perform SAST scanning on AppScan on Cloud. 


To learn more, see the videos below or check out our YouTube Channel This is AppScan:

Creating a SAST scan via AppScan Go! for a mobile client project.

Video image Video Play Button

Creating a SAST scan using AppScan Go! config with Jenkins.

Video image Video Play Button
Comment wrap
Secure DevOps | June 26, 2024
Important Announcement: HCL AppScan Plans Licensing Changes to Take Effect June 2025
HCL AppScan announces a 12-month roadmap for enhanced features across all solutions. New licensing model, updated distribution platform, and end-of-support for older versions.
Secure DevOps | May 14, 2024
HCL AppScan 360º: Unlocking Scalability and Efficiency
HCL AppScan 360º gets a major upgrade! Kubernetes-powered architecture brings easier scaling, simplified management and stronger security. Learn more!
Secure DevOps | February 12, 2024
Mobile Application Security Testing Continues Upward Trajectory
Cybersecurity threats on the rise? Secure your mobile apps with HCL AppScan. Top-tier solutions for developers in a $3.2B market. Learn more from the Forrester Wave™ report (Q3, 2023).