Whitelisting domains in mobile scans

This video walks through creating mobile scans with whitelisted domains.

Go to report.ostorlab.co

1. Introduction

By whitelisting domains, you can allow for in-scope testing and avoid testing out-of-scope targets

2. Click here

Initiate the process by clicking the "New Scan" icon.

3. Select the asset type

Choose the asset type. This can either be Play Store, App Store, Android APK or Android AAB, iOS IPA, or iOS Test Flight. For this example, we'll select Play Store.

4. Provide the target

Provide the scan target.

5. Click "Continue"

Progress to the next step by clicking continue.

6. Click "Full Scan"

Select the Full Scan option to thoroughly evaluate the security of your app against whitelisted domains.

7. Click "Continue"

Confirm your choice to proceed by clicking continue.

8. Select Test Credentials

Select the test credentials to use. This step is optional.

9. Click "Continue"

Click continue to proceed to the next step.

10. Provide the domains to whitelist

Enter the domains to whitelist. You can provide multiple domains by adding each one on a new line. The domains can also be provided as regular expressions.

11. Click "submit"

Finalize the creation of your mobile scan by clicking submit.

12. Click "Proceed"

Click proceed to create the scan.

13. Click "show"

Click Show to go to the list of scans.

14. List of scans

The scan will be listed in the scans table.

This video walked through creating mobile scans with whitelisted domains, allowing for in-scope testing and avoid testing out-of-scope targets.