Enable Invicti IAST
Invicti IAST increases the accuracy of an Invicti scan by improving the crawling, detection, and reporting of vulnerabilities while decreasing false positives. Invicti IAST can be used on .NET (including .NET Core), Java, PHP, and Node.js web applications.
Invicti IAST Resource Consumption: The sensor has a minimal impact on resources on the Target machine, less than 1% in lab test results.
The unique Invicti IAST Technology identifies more vulnerabilities than a black-box Web Application Scanner while generating fewer false positives. In addition, it indicates exactly where vulnerabilities are detected in your code and reports debug information.
Deploying Invicti IAST into your Target is optional. Invicti is still best in class as a black-box scanner, but the sensor improves accuracy and vulnerability results when scanning your web applications.
Invicti IAST requires a sensor to be deployed on your website. This sensor is generated uniquely for each website for security reasons.
Steps to enable Invicti IAST
- Select Inventory > Targets from the left-side menu.
- Click the three dots (⋮) for the chosen target and select Edit.
- Select Invicti IAST, and click Yes in the Enable IAST sensor field.
- From here, download the Invicti IAST sensor generated for this specific target and proceed with the deployment steps described in the documents linked below.
Steps to reset the sensor token
The Sensor token is similar to a unique key or password. It is used for secure communication between the Invicti Scanner and the Invicti IAST Agent.
If you wish to change the token for an Invicti IAST agent (for example, to invalidate an old token or to use the same Invicti IAST Agent file for more than one target), follow the steps below:
- Select Inventory > Targets from the left-side menu.
- Click the three dots (⋮) for the chosen target and select Edit.
- Scroll down to the IAST sensor section.
- Click the reset button.
- Confirm token reset in the pop-up dialog.
- A new token is generated.
- Re-deploy the Invicti IAST Agent to your target web application using the new token before starting a new scan.
Networking prerequisites and permissions
Invicti IAST makes use of the IAST Bridge. The IAST sensor must be able to communicate with iast.invicti.com to transmit data to the DAST scanning engine.
The permissions required to deploy Invicti IAST depend on the configuration of the web server. In general, an admin user should be used to install an IAST Sensor since the installation needs to configure the web application to load the sensor.
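A pre-flight check for the networking prerequisite above, to run on the machine hosting the target before deploying the sensor. It is an added example, not Invicti's code. The port (443, HTTPS) is an assumption because the page names only the hostname, and the function and parameter names are hypothetical.

```python
import socket
import ssl

BRIDGE_HOST = "iast.invicti.com"  # hostname given on this page
BRIDGE_PORT = 443                 # assumption: HTTPS; the page names no port


def _tls_handshake(sock, host):
    """Verify the certificate chain and hostname against the system trust store."""
    ctx = ssl.create_default_context()
    with ctx.wrap_socket(sock, server_hostname=host) as tls:
        return tls.version()


def preflight(host=BRIDGE_HOST, port=BRIDGE_PORT, timeout=5.0,
              resolve=socket.getaddrinfo,
              connect=socket.create_connection,
              handshake=_tls_handshake):
    """Return (stage, ok, detail); stage is the first step that failed, or 'ok'.

    resolve/connect/handshake are injectable so the logic can be tested offline.
    """
    try:
        addrs = {info[4][0] for info in resolve(host, port, type=socket.SOCK_STREAM)}
    except socket.gaierror as exc:
        return ("dns", False, f"cannot resolve {host}: {exc}")
    try:
        sock = connect((host, port), timeout=timeout)
    except OSError as exc:  # refused, timed out, or unreachable
        return ("tcp", False, f"egress to {sorted(addrs)} port {port} blocked: {exc}")
    try:
        version = handshake(sock, host)
    except ssl.SSLCertVerificationError as exc:
        return ("tls", False, f"certificate not trusted (TLS-inspecting proxy?): {exc}")
    except (ssl.SSLError, OSError) as exc:
        return ("tls", False, f"handshake failed: {exc}")
    finally:
        sock.close()
    return ("ok", True, f"{host}:{port} reachable over {version}")


if __name__ == "__main__":
    stage, ok, detail = preflight()
    print(f"[{'PASS' if ok else 'FAIL'}] {stage}: {detail}")
    raise SystemExit(0 if ok else 1)
```

The reported stage shows which control to look at: DNS filtering, an egress firewall rule, or a proxy that re-signs TLS traffic.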
Manual installation guides
These documents cover how to manually install the IAST sensor for various programming languages and frameworks. Manual installation is intended for environments where web applications are running directly on traditional servers (e.g., bare metal, VMs) rather than containerized environments. These instructions typically involve copying the IAST sensor file and modifying environment or server-level configuration files.
Containerized deployment guides (Docker)
These documents explain how to deploy the IAST sensor in Dockerized environments, where your application runs inside containers. These deployment processes involve layering the IAST sensor into your Docker images or configuring it as part of your container setup. Use these guides if your application runs in a CI/CD pipeline or within container orchestration environments.
- Deploy IAST Sensor for PHP – Docker
- Deploy IAST Sensor for ASP .NET Core
- Deploy IAST Sensor for Node.js – Docker