Appium vs. Salt Security API Protection Platform

1. It's open source which supports range of languages, operating systems and languages. Well suited for Android and IOS mobile automation. Supports all kinds of apps, which makes it flexible and robust mobile testing tool 2. It is less appropriate where we need intercept network call to verify the API calls. Extensive coding experience is required to work Appium

Incentivized

Salt is highly recommended for anyone who wants to discover, monitor and protect their APIs against various types of attacks. Salt should not be used as a SIEM.

• It uses WebDriver API so it makes it easy to use for former web test automation engineers.
• It can be managed via the command line via an extensive set of parameters.
• It handles implicit waits at the server side that is especially valuable in distributed infrastructure.

Incentivized

• PII identification in API traffic.
• Divergence between API traffic and documentation (swagger files).
• Potential attacks with information to take counter measures.

• Element browser sometimes is unreliable and has sporadic fails.
• Appium running is a bit slow, compared to tests written with Appium and with Espresso or XCTest.

Incentivized

• The platform could have more options for exporting detailed data from attackers' dashboards.
• The Attackers dashboard could also have more options of filters in order to support the investigations of the attack.
• The OAS analysis could present a more detailed view of the found issues.

I am rating 10/10 because Appium can use with multiple programming languages with multiple Test engines. Also, it works for both Android and iOS.

Incentivized

I would like to give 9/10 rating to Appium because of it can easily integrate with popular frameworks and CI/CD tools, as well as it is reliable, flexible and easy to use. The setup can bit complex in initial step, but once on configured it's very easy to use and enables stable and scalable mobile automation for real and cloud devices.

Incentivized

If you're an Apple developer, you use Xcode. It's practically a forced necessity. For system testing though, it doesn't have to be. You can have your development team focus on unit and integration tests in their platform and another team automate acceptance tests with a language they are more familiar with.

Incentivized

We tried controls offered by the IaaS providers but these were hard to manage and did not provide the visibility we wanted. We also protected APIs with a normal WAF but this was only helpful for assets we knew about and API attacks were not caught by the WAF.

• Appium is open source, so it's free. That's budget friendly right there.
• The ability to write mobile automation tests has saved considerable time for our manual test team, but that is true with most automation tests.
• We use Sauce Labs with our other automation, but Appium works great with Sauce Labs, as well, if I needed to run on emulators and simulators.

Incentivized

• Salt Security API Protection Platform has provided detailed information that is helping us to identify and investigate attacks in our environment