How to test App Authenticity in Worklight Application

0
votes

I have configured and enabled the App Authenticity in my application using custom Security. Added the security test property in my Application discriptor xml file. In my worklight console the respective application gives me the option to enable the App Authenticity.

Now how to test this feature. Fail case senario. How to explicitly fail the client app for app authenticity. My eithcal Hacking team want to perform this testing.

Thanks.

1
ibm-mobilefirstworklight-security

1 Answers

1
votes

Easiest way to simulate it would be to:

  1. Deploy your application to the server, build the generated project and install it on the device. See that it works.
  2. Depending on the environment, in application-descriptor.xml:
    • for Android, alter the signing key used and re-deploy to the server
    • for iOS, alter the bundleId and re-deploy to the server
  3. Re-launch the already install application, it should now fail.


Note:

  • In Worklight 6.2 application authenticity will only work with an external application server that Worklight Server is deployed to. Otherwise the feature will "always work" when testing in the Worklight Development Server.

  • In Worklight 6.1 application authenticity will use a "dummy" challenge when used in the Worklight Developer edition; to really test the feature in v6.1, you must use Worklight Studio and Server based on the Consumer or Enterprise editions.