Invicti IAST for PHP – AWS Elastic Beanstalk

This document is for:

Invicti Platform

AWS Elastic Beanstalk allows you to deploy a web application that can scale to match end-user demand. This simple example will demonstrate how you can deploy Invicti IAST together with your web application into AWS Elastic Beanstalk.

Create your Target in Invicti Platform

For this example, we will assume that the URL for your target is http://eb.invictiexample.com.

Create a Target with your URL.
Enable Invicti IAST for the Target.
Download the Invicti IAST agent file iastsensor.php and save this file for use later on.

Define the web application source bundle

This simple web application will be defined through the following file structure:

/.ebextensions/
/.ebextensions/iastsensor.config
/iastsensor/
/iastsensor/iastsensor.php
/public/
/public/index.php
/public/test.php

Create the folders for your source bundle:

mkdir ~/axexample
mkdir ~/axexample/.ebextensions
mkdir ~/axexample/iastsensor
mkdir ~/axexample/public

Create your ~/axexample/.ebextensions/iastsensor.config file to read as follows:

files:
"/etc/php.d/iastsensor.ini" :
mode: "000755"
owner: root
group: root
content: |
auto_prepend_file=/var/www/html/iastsensor/iastsensor.php

Create your ~/axexample/public/index.php file to read as follows:

<?php
echo "<h1>Test PHP Site Example for AWS Elastic Beanstalk</h1>";
echo "<br>";
echo "Welcome to the main page.";
echo "<br>";
echo "<a href='test.php'>Go to the test page.</a>";
?>

Create your ~/axexample/public/test.php file to read as follows:

<?php
echo "<h1>Test PHP Site Example for AWS Elastic Beanstalk</h1>";
echo "<br>";
echo "Welcome to the test page.";
echo "<br>";
?>

Copy the iastsensor.php file into ~/axexample/iastsensor/iastsensor.php.

Build the source bundle with:

cd ~/axexample
zip -rq axexample.zip .

Deploy your web application to AWS Elastic Beanstalk

From your AWS Dashboard, navigate to Elastic Beanstalk > Environments.

Click Create a new environment.

Set your environment tier to Web server environment. Then click Select.

Set the Application name field to the name of your web application. In this example, we used the name axexample-php.

Set the Platform dropdown to PHP.

Enable the Upload your code option, then click Choose file.

Select your source code bundle for upload, then click Configure more options.

In the Software panel, click Edit.

On the Modify software page, set the Document root field to /public.

Scroll down to the bottom of the Modify software page and click Save.

Scroll down to the bottom of the Configure environment page and click Create environment. AWS Elastic Beanstalk will now create your environment. This can take a few minutes.

When the process is complete you will be sent to your environment's dashboard. Take note of your environment's new URL which was created automatically by AWS Elastic Beanstalk. You will need this to create a CNAME to point to this URL.

Create a CNAME for your Target URL to point to your environment's new URL. In our example below, we used the Namecheap cPanel interface to create a CNAME for eb.invictiexample.com to point to axexamplephp-env.eba-uyafmbt5.us-east-1.elasticbeanstalk.com.

Once the CNAME record has been added (giving time for DNS records to propagate), you can see the web application you have created by browsing to your URL (in this example http://eb.invictiexample.com).

Test and scan your web application

Point your browser to your web application (in this example, http://eb.invictiexample.com) to confirm it is running as intended.

Run a scan on your Target. The Vulnerability detail will confirm that Invicti IAST was detected and used for the scan.