
Invicti IAST for Node.js – AWS Elastic Beanstalk

This document is for:
Invicti Platform

Invicti IAST Network Prerequisites

Invicti IAST makes use of the IAST Bridge. The IAST sensor must be able to communicate with iast.invicti.com to transmit data to the DAST scanning engine.

This document explains how you can run a Node.js application in AWS Elastic Beanstalk and then use Invicti IAST to run an interactive application security testing (IAST) scan for that application.

There are four steps to these instructions:

  1. Create your Target in Invicti Platform
  2. Create your application source code bundle
  3. Deploy your web application to AWS Elastic Beanstalk
  4. Test and scan your web application

Supported Servers and Frameworks

Before deploying Invicti IAST, note the list of supported servers and frameworks available in the Deploying Invicti Node.js IAST sensor documentation.

Step 1: Create your Target in Invicti Platform

For this example, we will assume that the URL for your Target is http://eb.invictiexample.com.

  1. Create a Target in Invicti Platform with your URL. 
  2. Enable Invicti IAST on the Target Settings page. 
  3. Download the Invicti IAST agent file node-iastsensor.tar and save this file for use later on.

Step 2: Create your application source code bundle

This simple web application will be defined through the following file structure:

  • ~/axexample-nodejs/
  • ~/axexample-nodejs/app.js
  • ~/axexample-nodejs/package.json
  • ~/axexample-nodejs/node-iastsensor.tar

  1. Create your /axexample-nodejs/app.js file to read as follows:

const app = require('express')();

var port = process.env.PORT || 60000;

app.get('/', function (req, res) {
  res.send(
    '<html><body>' +
    '<h1>Test Node.js Site Example for AWS Elastic Beanstalk</h1>' +
    '<br>' +
    'Hello World! - Main Page' +
    '<br>' +
    '<a href="/page1">Goto Page 1</a>' +
    '</body></html>'
  );
});

app.get('/page1', function (req, res) {
  res.send(
    '<html><body>' +
    '<h1>Test Node.js Site Example for AWS Elastic Beanstalk</h1>' +
    '<br>' +
    'Hello World! - Page 1' +
    '<br>' +
    '<a href="/">Goto Main Page</a>' +
    '</body></html>'
  );
});

app.listen(port, function (err) {
  if (err) console.log(err);
  console.log("Server listening on port: ", port);
});

  2. Create your /axexample-nodejs/package.json file to read as follows:

{
  "name": "axexample-nodejs",
  "version": "1.0.0",
  "dependencies": {
    "express": "*",
    "node-iastsensor": "file:node-iastsensor.tar"
  },
  "scripts": {
    "start": "npx node-iastsensor.tar app.js"
  }
}

  3. Copy the node-iastsensor.tar file you downloaded in Step 1 into ~/axexample-nodejs/node-iastsensor.tar.
  4. Finally, build the source code bundle with:

cd ~/axexample-nodejs
zip -rq axexample-nodejs.zip .

  5. Copy the resulting axexample-nodejs.zip file to your desktop and retain it for the deployment steps below.
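Before uploading the bundle in Step 3, it is worth checking that it actually contains what Steps 1 and 2 require: all three files at the zip root (Elastic Beanstalk will not find them if the folder itself was zipped), the sensor tar referenced from package.json, and a start script that launches app.js through the sensor. The checker below is an added example, not Invicti's or AWS's tooling; it assumes the file names used on this page and builds a constructed bundle with a placeholder standing in for the real sensor tar.

```python
import json
import os
import tempfile
import zipfile

SENSOR_TAR = "node-iastsensor.tar"
REQUIRED = ("app.js", "package.json", SENSOR_TAR)

def check_bundle(zip_path):
    """Return the problems found; an empty list means the bundle is ready to upload."""
    problems = []
    with zipfile.ZipFile(zip_path) as zf:
        names = set(zf.namelist())
        # Elastic Beanstalk needs the files at the zip root. `zip -rq bundle.zip .` run
        # inside the project directory does that; zipping the folder itself nests them.
        for required in REQUIRED:
            if required not in names:
                nested = [n for n in names if n.endswith("/" + required)]
                hint = f" (found nested as {nested[0]})" if nested else ""
                problems.append(f"missing {required} at bundle root{hint}")
        if "package.json" in names:
            pkg = json.loads(zf.read("package.json"))
            dep = pkg.get("dependencies", {}).get("node-iastsensor")
            if dep != f"file:{SENSOR_TAR}":
                problems.append(f"dependencies.node-iastsensor must be 'file:{SENSOR_TAR}', got {dep!r}")
            start = pkg.get("scripts", {}).get("start", "")
            # The start script is what makes the sensor wrap app.js at launch.
            if "node-iastsensor" not in start or "app.js" not in start:
                problems.append(f"scripts.start must launch app.js through the sensor, got {start!r}")
    return problems

def make_example_bundle(include_sensor=True, nested=False):
    """Write a constructed bundle to a temp dir and return its path (sensor tar is a placeholder)."""
    package = {"name": "axexample-nodejs", "version": "1.0.0",
               "dependencies": {"express": "*", "node-iastsensor": f"file:{SENSOR_TAR}"},
               "scripts": {"start": f"npx {SENSOR_TAR} app.js"}}
    path = os.path.join(tempfile.mkdtemp(), "axexample-nodejs.zip")
    prefix = "axexample-nodejs/" if nested else ""  # simulate zipping the folder itself
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr(prefix + "app.js", "const app = require('express')();\n")
        zf.writestr(prefix + "package.json", json.dumps(package, indent=2))
        if include_sensor:
            zf.writestr(prefix + SENSOR_TAR, b"placeholder, not the real sensor tar")
    return path

if __name__ == "__main__":
    for problem in check_bundle(make_example_bundle(include_sensor=False)):
        print(problem)
```

Run it against your real bundle with check_bundle("axexample-nodejs.zip") from the project directory; an empty list means the three files and the sensor wiring are in place.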

Step 3: Deploy your web application to AWS Elastic Beanstalk

  1. From your AWS Dashboard, navigate to Elastic Beanstalk > Environments.
  2. Click Create a new environment.
  3. Set your environment tier to Web server environment, then click Select.
  4. Set the Application name field to the name for your web application. (In this example we have used the name axexample-nodejs.)
  5. Set the Platform dropdown to Node.js.
  6. Select the Upload your code option, then click Choose file.
  7. Select your source code bundle for upload and click Create environment. AWS Elastic Beanstalk will now create your environment. This can take a few minutes.
  8. When the process is complete you will be sent to your environment's dashboard. Take note of your environment's new URL, which was created automatically by AWS Elastic Beanstalk. You will need it to create a CNAME pointing to this URL.
  9. Create a CNAME for your URL that points to the new URL created automatically by AWS Elastic Beanstalk. In our example we used the Namecheap cPanel interface to point eb.invictiexample.com to axexamplenodejs-env.eba-affkbc2q.us-east-1.elasticbeanstalk.com.
  10. Once the CNAME record has been added (allowing time for DNS records to propagate), you can see the web application you have created by browsing to your URL (in this example http://eb.invictiexample.com).

Step 4: Test and scan your web application

  1. Point your browser to your web application (in this example http://eb.invictiexample.com) to confirm it is running as intended. You should see the main page defined in app.js.
  2. Finally, run a scan on your Target. The Vulnerability detail will confirm that Invicti IAST was detected and used for the scan.
