Run an iOS Mobile Scan

Upload the IPA file.

About this task

Support: iOS versions between 7 and 13.3 inclusive are supported (lower versions have not been tested but might work), and all versions of Swift up to and including 5.
Limitations:
  • Scanning the IPA file used for App Store distribution is not supported.
  • Apps that require a client-side certificate are not supported.
  • Apps that require MDM (mobile device management) software to be installed on the mobile device are not supported.
  • Scanning iMessage Apps is not supported.
  • Scanning apps that are built only for 32-bit devices is not supported.
  • Xamarin apps are not supported.

Procedure

  1. Create the IPA file.
    Note: If your app requires entitlements, refer to Apps that require entitlements when creating the IPA file.
  2. If your app connects to a back-end server that is not available on the Internet ("private app") and an AppScan Presence does not yet exist on that server: Create an AppScan Presence.
  3. If you have not yet done so: Create an application for your scans.
  4. In the Application, click Create Scan to open the wizard, then click Mobile Analysis to start configuring your scan.
  5. Upload File tab: Drag-and-drop your IPA file into the gray area (or Click to select the file), then click Next.
  6. Login tab: If your app requires users to log in, select Yes and enter a valid user name and password, so that ASoC is able to log in to the app to test it.
    You can also optionally enter a third credential, if needed, for example: PIN# = 1234
    Tip: Use test credentials rather than the credentials of an actual user.
  7. Advanced Mode (Optional): To configure a scan for a private network, or if you want the scan to run as a Personal scan, turn on Advanced Mode at the bottom of the dialog.
    1. Private Network tab: Click the Private Network radio button and then select your presence from the list of connected presences.
      Note: If an AppScan Presence has not yet been created, you can create it now by clicking the AppScan Presences page link, and referring to Creating the AppScan Presence.
    2. Preferences tab: You can opt to run your scan as a Personal Scan whose security issues will not be added to the issues for the application as a whole. You can also deselect the default option that sends you an email when the scan completes.
  8. Click Review and Scan to proceed to the summary dialog.
  9. You can optionally edit the default name that was given to the scan (the IPA file name with a date and time stamp).
  10. Click Scan Now.

Results

The new scan is added to the Scans view with its starting time, and a progress bar indicates that the scan is running. When the scan is complete the progress bar closes, the results are summarized in a graph, and (if selected) you receive an email notification. See Working with Scan Results.
Note: Free plan scans are limited to four hours in length, so large or complex sites may not be completely covered by these.