Invicti IAST for ASP .NET
Invicti IAST Network Prerequisites IAST makes use of the IAST Bridge. The IAST sensor must be able to communicate with iast.invicti.com to transmit data to the DAST scanning engine. |
How to deploy Invicti IAST for ASP .NET websites
This section describes how to deploy Invicti IAST to an ASP.NET (including .NET core) web application.
- Download the Invicti IAST agent for your Target.
- Install Prerequisites on the server hosting the website. (The Invicti IAST Injector.exe application requires Microsoft .NET Framework 3.5 or higher).
- Copy the Invicti IAST installation file dotnet-iastsensor.zip to the server hosting the .NET website.
- Extract the dotnet-iastsensor.zip file, navigate to the .NET Framework subfolder, and launch the Injector.exe file.
- On start-up, the Injector will retrieve a list of .NET applications installed on your server. Select which applications you would like to enhance with the Invicti IAST Technology and click Install .NET IAST Sensor to install the Invicti IAST Technology sensor in the selected .NET applications.
- Once the sensor has been installed, close the confirmation window and also the Invicti IAST manager.
How to disable and remove Invicti IAST for ASP .NET websites
To remove and disable Invicti IAST from your website:
- Launch Injector.exe.
- Select the website where the Invicti IAST agent is deployed and click Remove .NET IAST Sensor to remove the Invicti IAST agent from the site.
- Close the Injector.exe application.
How to deploy and remove Invicti IAST using the command line
After copying and extracting the dotnet-iastsensor.zip file to the server hosting the .NET website, you can deploy and remove the Invicti IAST agent to your web application, and also list available web applications, as follows:
C:\Users\Administrator\Desktop\dotnet-iastsensor>injector -m inject -t http://localhost:80/ |
- The -m switch can be:
- inject - to inject the Invicti IAST agent into a web application
- uninject - to remove the Invicti IAST agent from a web application
- list - to list the web application on the web server
- The -t switch should specify the URL for which you wish to inject or remove the Invicti IAST agent
|
How to deploy Invicti .NET IAST sensor manually
- Download the Invicti IAST agent for your Target.
- Extract the downloaded ZIP file to any directory. For this illustration, we used the following folder: C:\ProgramData\InvictiPlatform\iastsensor
- Open Powershell or CMD with administrator privileges.
- Navigate to the .NET Framework folder.
- Run the following command: .\Injector.exe -m extract
- Copy the newly created DLLs and settings.ini to the target application’s bin folder similar to the following:
- Open settings.ini and edit the entry ‘log.path’ to reflect ‘log.path=C:\inetpub\temp\IIS Temporary Compressed Files\logs’
- To install the IIS HTTP Module, add the following to the web application’s web.config:
<configuration> |
- To load the SensorModule.dll .NET profiler, you need to add the following environment variable; do this by changing the IIS application-host config file: “%windir%\System32\inetsrv\config\applicationHost.config”
SENSOR_SETTINGS_PATH=<SensorRoot>/settings.ini |
- Restart the test application in IIS. (You might need to restart W3SVC service for the changes to take effect.)
Run a scan on your Target. The Vulnerability detail will confirm that Invicti IAST was detected and used for the scan.
Invicti IAST should generate logs inside the directory you entered in the settings.ini file. If you experience any issues, submit a ticket through our Help Center and include these logs.