Invicti IAST for PHP – Docker
The most principled way of deploying Invicti IAST in a Docker scenario is to simply layer the Invicti IAST modifications onto your already existing container definition. This simple example will demonstrate how you can deploy Invicti IAST together with your web application.
Create your Target in Invicti Platform
For this example, we will assume that the URL for your target is http://invictiexample.com:60000.
- Create a Target with your URL
- Enable Invicti IAST.
- Download the Invicti IAST agent file iastsensor.php and save this file for use later on.
Define the Web Application image
This simple web application will be defined through the following file structure:
- /testphp-docker/
- /testphp-docker/Dockerfile
- /testphp-docker/websrc/
- /testphp-docker/websrc/index.php
- /testphp-docker/websrc/test.php
- Create your /testphp-docker/Dockerfile file to read as follows:
FROM php:7.3.28-apache |
- Create your /testphp-docker/websrc/index.php file to read as follows:
<?php |
- Create your /testphp-docker/websrc/test.php file to read as follows:
<?php |
- Finally, build the image with:
cd /testphp-docker |
Define the Invicti IAST layer image
The Invicti IAST layer will be defined through the following file structure:
- /testphp-docker-iastsensor/
- /testphp-docker-iastsensor/Dockerfile
- /testphp-docker-iastsensor/iastsensor.php
- Copy the iastsensor.php file you previously downloaded and paste it to your docker host into the /testphp-docker-iastsensor directory.
- Create your /testphp-docker-iastsensor/Dockerfile file to read as follows:
FROM testphp-docker |
- Build and run your image with:
cd /testphp-docker-iastsensor |
Test and scan your web application
- Point your browser to your web application - in this example, http://invictiexample.com:6000 to confirm it is running as intended; you will get the following:
- Run a scan on your Target. The Vulnerability detail will confirm that Invicti IAST was detected and used for the scan.