Invicti IAST for Node.js – Docker
Invicti IAST Network Prerequisites
Invicti IAST makes use of the IAST Bridge. The IAST sensor must be able to communicate with iast.invicti.com to transmit data to the DAST scanning engine.
The most principled way of deploying Invicti IAST in a Docker scenario is to simply layer the Invicti IAST modifications onto your already existing container definition. This document will demonstrate how you can deploy Invicti IAST together with your web application.
There are four steps to these instructions:
- Create your Target in Invicti Platform
- Define the web application image
- Define the Invicti IAST layer image
- Test and scan your web application
Supported Servers and Frameworks
Step 1: Create your Target in Invicti Platform
For this example, we will assume that the URL for your Target is http://invictiexample.com:60000.
- Create a Target in Invicti Platform with your URL.
- Enable Invicti IAST on the Target Settings page.
- Download the Invicti IAST agent file node-iastsensor.tar and save this file for use later on.
Step 2: Define the Web Application image
This simple web application will be defined through the following file structure:
- /testnodejs-docker/
- /testnodejs-docker/Dockerfile
- /testnodejs-docker/src/app.js
- /testnodejs-docker/src/package.json
- Create your /testnodejs-docker/Dockerfile file to read as follows:
```dockerfile
FROM node:12
```
- Create your /testnodejs-docker/src/app.js file to read as follows:
```javascript
const app = require('express')();
```
- Create your /testnodejs-docker/src/package.json file to read as follows:
```json
{
```
- Finally, build the image with:
```shell
cd /testnodejs-docker
```
Step 3: Define the Invicti IAST layer image
The Invicti IAST layer will be defined through the following file structure:
- /testnodejs-docker-iastsensor/
- /testnodejs-docker-iastsensor/Dockerfile
- /testnodejs-docker-iastsensor/node-iastsensor.tar
- Copy the node-iastsensor.tar file you downloaded in the first step to the /testnodejs-docker-iastsensor directory on your Docker host.
- Create your /testnodejs-docker-iastsensor/Dockerfile file to read as follows:
```dockerfile
FROM testnodejs-docker
```
- Build and run your image with:
```shell
cd /testnodejs-docker-iastsensor
```
Step 4: Test and scan your web application
- Point your browser to your web application (in this example http://invictiexample.com:60000) to confirm it is running as intended. You will get the following:
- Finally, run a scan on your Target. The Vulnerability detail will confirm that Invicti IAST was detected and used for the scan.