Configuring your iOS or Android app for a security scan is crucial for identifying vulnerabilities and ensuring the safety of your users. This step-by-step guide will walk you through the process of setting up your mobile app for a comprehensive security assessment. By following these instructions, you’ll provide all necessary information and files needed to conduct a thorough evaluation and secure your application against potential threats.
Access the Scanner Setup
To begin, navigate to the Targets page and click on the Setup Target button.
You will be directed to the target setup wizard, where you can update and configure the target.
Breakdown of each step
1. Get Started
Begin by providing fundamental details about your application:
Application Name: Enter a distinct name for your mobile app. This will help you easily identify the app in the dashboard.
Business Name: Provide your company’s name, which will be used in the scan results and any certificates issued.
With these details entered, you’re ready to proceed to the next step.
2. App Details
Provide detailed information about your app to help Astra’s AI generate customized test cases:
AI Features: Enable AI-driven test case generation by toggling the relevant option.
App Overview: Describe your app’s purpose, key functionalities, and the technologies used (e.g., React Native, Swift, Kotlin).
Key Features: List 5-10 critical features of your app that should be the focus of the security tests, such as user authentication, payment systems, or location services.
3. Upload IPA/APK File
Upload your app’s build for security testing:
IPA/APK File: Drag and drop the IPA (for iOS) or APK (for Android) file into the upload area. This file is crucial for conducting a comprehensive pentest of your app.
App Store Link (Optional): If your app is live, you can provide its App Store or Google Play link for cross-referencing with the scanned version.
| Note: Providing a valid IPA or APK file is essential for the scan and final security certificate issuance.
4. User Roles
If your app supports multiple user roles, configure the scan to test each role:
User Credentials: Enter the credentials for different user roles to ensure the scan covers all access levels. This is important for identifying vulnerabilities in restricted areas of the app.
Click the “Add Another User Role” button to include additional roles and credentials as needed.
5. Payment Details
Configure the payment details for testing the app’s payment functionalities:
Dummy/Test Payment Information: Enter test card details (Card Name, Card Number, Expiry Month, CVV) for verifying payment processes within your app. This information is used exclusively for testing and does not expose real financial data.
This step ensures the security of your app’s payment gateway.
6. Complete Setup
Review all the details you’ve provided and click on Complete Setup to finalize your configuration.
Your iOS or Android app is now set up for a comprehensive security scan. Once you have completed these steps, you can initiate the scan to identify potential vulnerabilities.
| If you need any assistance or have questions, please contact our support team.