Installing Invicti IAST Agent for Java websites
Before deploying Invicti IAST, note the list of supported servers and frameworks.
Supported Servers and Frameworks | |
Java Runtime | For any Java Runtime environment that is implemented according to these specifications, the supported versions are:
|
Application Servers |
|
Database Engines |
|
Other Technologies |
|
Invicti IAST Network Prerequisites: Invicti IAST makes use of the IAST Bridge. The IAST sensor must be able to communicate with iast.invicti.com to transmit data to the DAST scanning engine. |
The Invicti IAST agent will need to be installed in your web application. The following section describes how to deploy Invicti IAST to a Java web application.
How to install the Invicti JAVA IAST agent
To install the Invicti Java IAST sensor, you need to:
- Download the Invicti Java IAST agent (iastsensor.jar) from the Target’s Settings in the Invicti Platform UI.
The Invicti IAST for JAVA download includes the Invicti IAST Token, which, by default, is unique for each target. Unless the Token has been changed to be the same for all targets, you will need to download the Invicti Java IAST sensor for each Target separately. - Save the downloaded Invicti Java IAST sensor to a location on your web server.
- Deploy the Invicti Java IAST sensor into your web server. This process differs depending on the web server. There are many possible configurations for a Java web server. The guides linked below look at the more common web server configuration possibilities. Use one of the following links for more information on how to deploy Invicti IAST for Java on your web application:
- Deploying the Invicti IAST Agent for Java - Tomcat (Windows/Linux/Docker)
- Deploying the Invicti IAST Agent for Java - Docker (Spring Boot)
- Deploying the Invicti IAST for Java - Windows/Linux (JBOSS 7.4 Standalone + WAR File)
- Deploying the Invicti IAST for Java - Windows/Linux (Jetty 10.0.10 + WAR File)
- Deploying the Invicti IAST for Java - Windows/Linux (Wildfly 26.1.1 Final Standalone + WAR File)
- Deploying the Invicti IAST for JAVA – Linux (WebSphere Liberty 19.0.0.9+ with WAR file)
- Scanning an Application in AWS Elastic Beanstalk (Tomcat + WAR File)