Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Application Security Platform
Invicti IAST

Invicti IAST for ASP .NET

This document is for:
Invicti Platform

Invicti IAST Network Prerequisites 

IAST makes use of the IAST Bridge. The IAST sensor must be able to communicate with iast.invicti.com to transmit data to the DAST scanning engine.

How to deploy Invicti IAST for ASP .NET websites

This section describes how to deploy Invicti IAST to an ASP.NET (including .NET core) web application.

  1. Download the Invicti IAST agent for your Target.

  1. Install Prerequisites on the server hosting the website. (The Invicti IAST Injector.exe application requires Microsoft .NET Framework 3.5 or higher).

  1. Copy the Invicti IAST installation file dotnet-iastsensor.zip to the server hosting the .NET website.

  1. Extract the dotnet-iastsensor.zip file, navigate to the .NET Framework subfolder, and launch the Injector.exe file.

  1. On start-up, the Injector will retrieve a list of .NET applications installed on your server. Select which applications you would like to enhance with the Invicti IAST Technology and click Install .NET IAST Sensor to install the Invicti IAST Technology sensor in the selected .NET applications.

  1. Once the sensor has been installed, close the confirmation window and also the Invicti IAST manager.

How to disable and remove Invicti IAST for ASP .NET websites

To remove and disable Invicti IAST from your website:

  1. Launch Injector.exe.

  1. Select the website where the Invicti IAST agent is deployed and click Remove .NET IAST Sensor to remove the Invicti IAST agent from the site.

  1. Close the Injector.exe application.

How to deploy and remove Invicti IAST using the command line

After copying and extracting the dotnet-iastsensor.zip file to the server hosting the .NET website, you can deploy and remove the Invicti IAST agent to your web application, and also list available web applications, as follows:

C:\Users\Administrator\Desktop\dotnet-iastsensor>injector -m inject -t http://localhost:80/
Target Found. Injecting sensor to: http://localhost:80/

C:\Users\Administrator\Desktop\dotnet-iastsensor>injector -m uninject -t http://localhost:80/
Target Found. Uninjecting sensor from: http://localhost:80/

C:\Users\Administrator\Desktop\dotnet-iastsensor>injector -m list
http://localhost:80/


C:\Users\Administrator\Desktop\dotnet-iastsensor>

  • The -m switch can be:
  • inject - to inject the Invicti IAST agent into a web application
  • uninject - to remove the Invicti IAST agent from a web application
  • list - to list the web application on the web server
  • The -t switch should specify the URL for which you wish to inject or remove the Invicti IAST agent

  • If the web application is at the root of a URL path, you MUST include a forward slash at the end of the URL (in this example, http://localhost:80/).
  • If the web application is in a subfolder, you MUST NOT include a forward slash at the end of the URL (in this example, http://localhost:80/yaf_forums).
  • Although the Invicti IAST agent is secured with a strong password, it is recommended that the Invicti IAST agent files be uninstalled and removed from the web application if they are no longer in use.

How to deploy Invicti .NET IAST sensor manually

  1. Download the Invicti IAST agent for your Target.

  1. Extract the downloaded ZIP file to any directory. For this illustration, we used the following folder: C:\ProgramData\InvictiPlatform\iastsensor

  1. Open Powershell or CMD with administrator privileges.

  1. Navigate to the .NET Framework folder.

  1. Run the following command: .\Injector.exe -m extract

  1. Copy the newly created DLLs and settings.ini to the target application’s bin folder similar to the following:

  1. Open settings.ini and edit the entry ‘log.path’ to reflect ‘log.path=C:\inetpub\temp\IIS Temporary Compressed Files\logs’

  1. To install the IIS HTTP Module, add the following to the web application’s web.config:

<configuration>
 <system.webServer>
   <modules>
     <add name="InvictiSensorModule" type="SensorModule.RequestsHandlerModule, SensorModule, version=5.0.0.0, culture=neutral, publicKeyToken=068f0ac6f5c4405b" />
   </modules>
 </system.webServer>
</configuration>

  1. To load the SensorModule.dll .NET profiler, you need to add the following environment variable; do this by changing the IIS application-host config file: “%windir%\System32\inetsrv\config\applicationHost.config”

SENSOR_SETTINGS_PATH=<SensorRoot>/settings.ini

  1. Restart the test application in IIS. (You might need to restart W3SVC service for the changes to take effect.)

Run a scan on your Target. The Vulnerability detail will confirm that Invicti IAST was detected and used for the scan.

Invicti IAST should generate logs inside the directory you entered in the settings.ini file. If you experience any issues, submit a ticket through our Help Center and include these logs.

Top Articles

What is Invicti?

Overview of Scan Policies

Scheduling Scans

Managing Integrations

Built-In Reports

Share This Article