Invicti IAST for JAVA – Linux (WebSphere Liberty 19.0.0.9+ with WAR file)

This document is for:
Invicti Platform

This guide explains how you can run a Java application in WebSphere Liberty and then use Invicti IAST to run an interactive application security testing (IAST) scan for that application.

This document assumes WebSphere is installed in /opt/wlp.

Step 1: Prepare Invicti IAST for Java

In this example, the test application is deployed to the following URL: http://websphere-backend-proto.invicti.site:9080/axexample-java/ (in a production environment, you will need to change this to the hostname you will use for your deployment).

  1. Create a new target for your URL.
  2. Download Invicti IAST for Java from the Invicti Platform UI and retain the iastsensor.jar file for the next step.
  3. On the WebSphere machine:
     • Create a root folder /iastsensor
     • Copy the iastsensor.jar file to /iastsensor/iastsensor.jar

Step 2: Deploy Invicti IAST and required components

  1. On the WebSphere machine:
     • Create a file /opt/wlp/usr/servers/defaultServer/jvm.options, and set the contents as follows:

-javaagent:/iastsensor/iastsensor.jar
-Diastsensor.debug.log=ON

Step 3: Deploy your application

  1. Copy your axexample-java.war file into the /opt/wlp/usr/servers/defaultServer/dropins folder.
  2. From the terminal, restart WebSphere with:

/opt/wlp/bin/server stop
/opt/wlp/bin/server start

Step 4: Test and scan your web application

  1. Point your browser to your web application to confirm it is running as intended.
  2. Run a scan on your target. The Vulnerability detail will confirm that Invicti IAST was detected and used for the scan.
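
The agent setup from Steps 1 and 2 as an idempotent shell sketch with a post-deploy check, added here as an example and not part of Invicti's documentation. The environment-variable overrides, the function names and the 644 permission are assumptions; the defaults are the paths used on this page. Because a -javaagent jar runs inside the application server's JVM, the check also fails when the jar is writable by group or others.

```bash
#!/usr/bin/env bash
# Added example. Defaults are this page's paths; override them to rehearse in a scratch directory.
WLP_HOME="${WLP_HOME:-/opt/wlp}"
SENSOR_DIR="${SENSOR_DIR:-/iastsensor}"
SERVER_NAME="${SERVER_NAME:-defaultServer}"

# Step 1: copy the downloaded jar into place, writable by its owner only.
install_sensor() {  # $1 = path to the downloaded iastsensor.jar
  mkdir -p "$SENSOR_DIR" &&
  cp "$1" "$SENSOR_DIR/iastsensor.jar" &&
  chmod 644 "$SENSOR_DIR/iastsensor.jar"
}

# Append a line to jvm.options only if it is not already there, so existing
# JVM options are kept and repeated runs do not duplicate entries.
ensure_jvm_option() {  # $1 = exact option line
  local f="$WLP_HOME/usr/servers/$SERVER_NAME/jvm.options"
  mkdir -p "$(dirname "$f")" && touch "$f" || return 1
  grep -qxF -- "$1" "$f" || printf '%s\n' "$1" >> "$f"
}

# Step 2: the two lines this page puts in jvm.options.
configure_agent() {
  ensure_jvm_option "-javaagent:$SENSOR_DIR/iastsensor.jar" &&
  ensure_jvm_option "-Diastsensor.debug.log=ON"
}

# Check: jvm.options names an agent jar that exists and is not group/world-writable.
# Returns 0 ok, 1 no -javaagent line, 2 jar missing, 3 jar permissions too loose.
verify_agent() {
  local f="$WLP_HOME/usr/servers/$SERVER_NAME/jvm.options"
  local jar
  jar=$(sed -n 's/^-javaagent:\([^=]*\).*$/\1/p' "$f" 2>/dev/null | head -n1)
  [ -n "$jar" ] || { echo "no -javaagent line in $f" >&2; return 1; }
  [ -f "$jar" ] || { echo "agent jar missing: $jar" >&2; return 2; }
  if [ -n "$(find "$jar" \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
    echo "agent jar is group/world-writable: $jar" >&2; return 3
  fi
  return 0
}

# Typical order: install_sensor ./iastsensor.jar; configure_agent; verify_agent;
# then restart with "$WLP_HOME/bin/server" stop and start as in Step 3.
```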
