Invicti IAST for JAVA

Installing Invicti IAST Agent for Java websites

This document is for:
Invicti Platform

Before deploying Invicti IAST, note the list of supported servers and frameworks.

Supported Servers and Frameworks

Java Runtime

For any Java Runtime environment that is implemented according to these specifications, the supported versions are:

  • 8.x
  • 11.x
  • 17.x
  • 21.x

Application Servers

  • Apache Tomcat:
    • v8.5.x
    • v9.x
    • v10.0.x
    • v10.1.x
  • Jetty:
    • v10.0.x
    • v11.0.x
    • v12.0.x
  • WildFly v22.x and above
  • JBoss EAP:
    • v7.4.x
  • WebSphere Traditional:
    • 8.5.5.18+
    • 9.0.5.5+
  • WebSphere Liberty 20.0.0.9+

Database Engines

  • MySQL
  • PostgreSQL
  • Microsoft SQL Server
  • DB2
  • Oracle
  • Sybase
  • SQLite
  • H2

Other Technologies

  • Axis
  • Freemarker
  • Velocity
  • Hibernate
  • J2EE - Servlet/JSP
  • Struts 2
  • Spring Web, Spring Boot
  • Spring Expression, Java Expression Language (EL)
  • JAX-RS and Jersey
  • JavaMail
  • JPA
  • java.beans
  • SAX, DOM
  • JNDI - LDAP

Invicti IAST Network Prerequisites:

Invicti IAST makes use of the IAST Bridge. The IAST sensor must be able to communicate with iast.invicti.com to transmit data to the DAST scanning engine.

The Invicti IAST agent will need to be installed in your web application. The following section describes how to deploy Invicti IAST to a Java web application.

How to install the Invicti JAVA IAST agent

To install the Invicti Java IAST sensor, you need to:

  1. Download the Invicti Java IAST agent (iastsensor.jar) from the Target’s Settings in the Invicti Platform UI.
    The Invicti IAST for JAVA download includes the Invicti IAST Token, which, by default, is unique for each target. Unless the Token has been changed to be the same for all targets, you will need to download the Invicti Java IAST sensor for each Target separately.
  2. Save the downloaded Invicti Java IAST sensor to a location on your web server.
  3. Deploy the Invicti Java IAST sensor into your web server. This process differs depending on the web server. There are many possible configurations for a Java web server. The guides linked below look at the more common web server configuration possibilities. Use one of the following links for more information on how to deploy Invicti IAST for Java on your web application:
