Installing Invicti IAST Agent for Java websites

Before deploying Invicti IAST, note the list of supported servers and frameworks.

The Invicti IAST agent will need to be installed in your web application. The following section describes how to deploy Invicti IAST to a Java web application.

How to install the Invicti JAVA IAST agent

To install the Invicti Java IAST sensor, you need to:

1. Download the Invicti Java IAST agent (iastsensor.jar) from the Target’s Settings in the Invicti Platform UI.
   The Invicti IAST for JAVA download includes the Invicti IAST Token, which, by default, is unique for each target. Unless the Token has been changed to be the same for all targets, you will need to download the Invicti Java IAST sensor for each Target separately.
2. Save the downloaded Invicti Java IAST sensor to a location on your web server.
3. Deploy the Invicti Java IAST sensor into your web server. This process differs depending on the web server. There are many possible configurations for a Java web server. The guides linked below look at the more common web server configuration possibilities. Use one of the following links for more information on how to deploy Invicti IAST for Java on your web application:

• Deploying the Invicti IAST Agent for Java - Tomcat (Windows/Linux/Docker)
• Deploying the Invicti IAST Agent for Java - Docker (Spring Boot)
• Deploying the Invicti IAST for Java - Windows/Linux (JBOSS 7.4 Standalone + WAR File)
• Deploying the Invicti IAST for Java - Windows/Linux (Jetty 10.0.10 + WAR File)
• Deploying the Invicti IAST for Java - Windows/Linux (Wildfly 26.1.1 Final Standalone + WAR File)
• Deploying the Invicti IAST for JAVA – Linux (WebSphere Liberty 19.0.0.9+ with WAR file)
• Scanning an Application in AWS Elastic Beanstalk (Tomcat + WAR File)