
Deploying Invicti Node.js IAST sensor

This document is for:
Invicti Platform

Invicti IAST Network prerequisites

Invicti IAST makes use of the IAST Bridge. The IAST sensor must be able to communicate with iast.invicti.com to transmit data to the DAST scanning engine.

Before deploying Invicti IAST, note the list of supported servers and frameworks.

Supported Servers and Frameworks

Node.js Runtime

  • Tested on Windows: v10, v12, v14, v16, v18, v20
  • Tested on Ubuntu 20: v10, v12, v14, v16, v18, v20

Database Clients

  • better-sqlite3
  • Knex (PostgreSQL, CockroachDB, MSSQL, MySQL, MariaDB, SQLite3, Better-SQLite3, Oracle, and Amazon Redshift)
  • MySQL
  • PostgreSQL
  • Sequelize (Oracle, Postgres, MySQL, MariaDB, SQLite and SQL Server)
  • SQLite3

Routers

  • Director
  • Express
  • find-my-way
  • koa-router
  • LoopBack 4
  • Restify
  • Router

Templating

  • EJS
  • Handlebars
  • Pug

Others

  • Axios (http-request)
  • ldapjs (ldapquery)
  • Libxmljs (xmlparser)
  • Needle (http-request)
  • Nodemailer (sendmail)

To deploy Invicti IAST, keep in mind that the sensor must be invoked when launching the Node.js application.

Deploying Invicti IAST requires the following steps.

Step 1: Downloading Invicti IAST for your Target

The instructions to download the Invicti IAST file can be found here: https://www.invicti.com/support/application-security-platform/introduction-to-invicti-iast/.

Step 2: Copy the Invicti IAST to the Target

For the purposes of this document, we assume that a dedicated folder is created inside your operating system's root folder to hold the Invicti IAST file.

Under Windows:

  • Create a folder "C:\iastsensor\"
  • Copy the node-iastsensor.tar file into "C:\iastsensor\"

Under Linux:

  • Create a folder "/iastsensor" with the following command:
      mkdir /iastsensor/
  • Use "cd" to navigate to the folder which contains your downloaded Invicti IAST file and run the following command:
      cp node-iastsensor.tar /iastsensor/

Step 3: Launch your Node.js web application invoking the Invicti IAST

Under Windows:

  • Use "cd" to navigate to the folder that contains your web application (where the "app.js" file resides) and run the following commands:
      npm install \iastsensor\node-iastsensor.tar --no-save
      npx node-iastsensor app.js

Under Linux:

  • Use "cd" to navigate to the folder that contains your web application (where the "app.js" file resides) and run the following commands:
      npm install /iastsensor/node-iastsensor.tar --no-save
      npx node-iastsensor app.js

Uninstall Invicti IAST

For Windows:

  • Navigate to the folder where the Invicti IAST sensor is installed and run this command:
      npm remove node-iastsensor
  • Remove the "C:\iastsensor\node-iastsensor.tar" file and then remove the "C:\iastsensor" folder

For Linux:

  • Navigate to the folder where the Invicti IAST sensor is installed and run these commands:
      npm remove node-iastsensor
      rm -rf /iastsensor

Note: Although Invicti IAST sensor files are secured with a unique strong built-in password, it is recommended that the Invicti IAST sensor files are uninstalled and removed from the web application if they are no longer in use.
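
A post-uninstall check for the Linux steps above, written as an added example and not part of Invicti's documentation or tooling. The package name node-iastsensor and the /iastsensor folder come from this page; the node_modules/.bin launcher path and the script name check-iast-removed.sh are assumptions based on npm's standard layout.

```shell
#!/bin/sh
# Added example, not Invicti code. Reports what is left of the Node.js IAST
# sensor after the uninstall steps. The node_modules/.bin path is an
# assumption (npm's standard layout for the launcher that npx runs).

# sensor_residue APP_DIR [SENSOR_DIR]
# Prints one line per leftover artifact; returns 0 if clean, 1 otherwise.
sensor_residue() {
    app_dir=$1
    sensor_dir=${2:-/iastsensor}
    found=0

    # "npm install ... --no-save" records nothing in package.json, so the
    # installed tree has to be inspected directly.
    for path in \
        "$app_dir/node_modules/node-iastsensor" \
        "$app_dir/node_modules/.bin/node-iastsensor" \
        "$sensor_dir/node-iastsensor.tar" \
        "$sensor_dir"
    do
        # -L also catches a dangling symlink left in node_modules/.bin
        if [ -e "$path" ] || [ -L "$path" ]; then
            echo "leftover: $path"
            found=1
        fi
    done

    # A start script in package.json that still launches the application
    # through the sensor is flagged as well.
    if [ -f "$app_dir/package.json" ] &&
       grep -q 'node-iastsensor' "$app_dir/package.json"; then
        echo "reference: $app_dir/package.json mentions node-iastsensor"
        found=1
    fi

    return "$found"
}

# Run as: sh check-iast-removed.sh /path/to/app [/iastsensor]
if [ "$#" -gt 0 ]; then
    sensor_residue "$@"
fi
```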

