Configuring Invicti IAST Bridge

Invicti IAST Bridge is a necessary application to facilitate communication between IAST sensors and Invicti Enterprise. 

Invicti Shark (IAST) helps you run interactive security testing via Invicti Enterprise. That helps confirm more vulnerabilities and further minimize false positives. By adding IAST capabilities with the Shark, Invicti also shows the exact location of the issue and ensures that the entire web application is scanned. For further information, see Deploying Shark (IAST) in Invicti Enterprise.

For Invicti Shark to operate, you need to download the Shark sensor and deploy it on your server. Additionally, you must configure the Invicti IAST Bridge for Java, .NET, and Node.js sensors. Note that the PHP sensor does not use the IAST Bridge.

How IAST Bridge communicates

The bridge is used to relay information from the Shark sensor to the Invicti scanner agent.

The following steps show how the IAST Bridge facilitates communication between the scanner and the sensor:

1. When the scan is launched, the Scanner connects to the bridge. The scanner includes the IAST token, and this token is the identifier throughout the scan.
2. The Bridge starts listening for connections for the scan.
3. When the sensor needs to send data, it sends the data to the bridge, together with the IAST token.
4. The bridge sends the data to the correct scanner (identified by the IAST token) connected to receive that data.

Both the scanner agent and Shark sensor connect to the IAST Bridge via the address and port configured for the IAST bridge. As a result, the IAST bridge receives connections from the Scanning engine and from the IAST sensors.

Setting up the IAST Bridge on Invicti Enterprise

You can set up the IAST Bridge if you have Invicti Enterprise On-Premises.

The IAST Bridge is a part of the Invicti Enterprise On-Premises installation package delivered to you via a .zip file.

How to install Invicti IAST Bridge

1. Run the IASTBridgeSetup.exe file.
2. On the Welcome to the Invicti IAST Bridge Setup Wizard window, select Next.

3. Select Browse if you want to install the IAST Bridge to a different folder than the default folder. Select Next.

4. On the Agent Settings window, enter the Service Port. By default, it is 7880.

5. Select Install to complete the installation.

How to set up a custom bridge service

1. Press the Windows logo key
2. Type Services.
3. Make sure the Invicti IAST Bridge is running.

By default, the Invicti IAST Bridge runs at the 7880 port.

4. Log in to Invicti Enterprise.
5. From the main menu, select Settings > General.
6. Go to the IAST Bridge section.
7. Enter your custom URL in the Default Bridge URL field. (You can enter your custom URL like this: http://52.58.213.161:7880)
8. Select Save.

Configuring Invicti Enterprise On-Premises for a custom IAST bridge

You can configure the bridge address on the General Settings page or the Shark Settings.

• You can set the default bridge URL and port on the General Settings page. 
• On the Shark settings page, the advanced setting lets you override the default bridge URL for each website.

As a bridge URL and port, you can use the URL provided by Invicti. OR, you can set up a custom bridge.

Make sure that the Shark sensors can connect to the address/port specified.

How to configure the default IAST Bridge URL via the General Settings page

1. Log in to Invicti Enterprise.
2. From the main menu, select Settings > General.
3. To the Default Bridge URL field, enter your bridge URL.

How to override the default IAST Bridge URL via the Shark Settings

1. Log in to Invicti Enterprise.
2. From the main menu, select Scans > New Scan.
3. Specify the Target URL.
4. From the Scan Settings, select Shark (IAST and SCA).
5. From the Shark Settings section, select Enable Shark.
6. From the Server Platform drop-down, select Java, .NET, or Node.js.
7. From the Advanced Settings drop-down, enter the URL and the port to the Bridge URL and Port field.