Deploying Invicti Shark agent for Java – Docker Spring Boot
Invicti Shark enables you to carry out interactive security testing (IAST) in your web application in order to confirm more vulnerabilities and further minimize false positives. For Invicti Shark to operate, you need to download an agent and deploy it on your server. Please note that this agent is generated uniquely for each target website for security reasons.
This topic explains how to deploy Shark together with your Spring Boot web application into a Docker container.
The Java Shark requires:
- Deploying aspectjweaver.jar into your web server – provides the integration required for the Shark to work with your application
- Deploying the Invicti Java Shark into your web server – this is unique for each target and can be downloaded by using the Download Java Shark button
- Configuring your web server to use Load Time Weaving (AspectJWeaver)
This document assumes:
- You will be using version 1.9.5 (latest at time of writing) of AspectJWeaver.
- You are logged into the docker host as root, and all files for this web application will be kept in the folder “/root/myspringapp/”
Deploying Invicti Shark in Java – Docker Spring Boot consists of 5 steps:
Before, going into details, you need to run the following command on the docker host to prepare the folder for the deployment: mkdir /root/myspringapp/
1. Deploying AspectJWeaver for your container
- Open terminal
- Run the following commands to download and deploy AspectJWeaver:
wget -c https://repo1.maven.org/maven2/org/aspectj/aspectjweaver/1.9.5/aspectjweaver-1.9.5.jar
mv aspectjweaver-1.9.5.jar aspectjweaver.jar
2. Deploying Invicti Shark for your container
- Create a target website in Invicti for the exact URL of your new web application (for example http://myspringapp.example.com:8080/ )
- Download the Invicti Shark for Java for your web application target
- Copy the Invicti Shark (Shark.jar) to the docker host into folder /root/myspringapp/
3. Preparing Spring Boot
- Build your application called, for this example, myspringapp.jar
- Copy the JAR file for your web application myspringapp.jar to the docker host folder /root/myspringapp/
4. Create Dockerfile
- Run the following command to create and edit your Dockerfile: nano /root/myspringapp/Dockerfile
- Edit the contents of your Dockerfile to show the following:
FROM openjdk:8-jdk-alpine COPY Shark.jar Shark.jar COPY aspectjweaver.jar aspectjweaver.jar COPY myspringapp.jar myspringapp.jar EXPOSE 8080 CMD java -javaagent:aspectjweaver.jar -Dacusensor.debug.log=ON -Dloader.path=Shark.jar -cp myspringapp.jar org.springframework.boot.loader.PropertiesLauncher
Note: The parameter “-Dacusensor.debug.log=ON” is optional and should ONLY be used for troubleshooting purposes. If this parameter is retained, this will output Shark logging as additional lines in the Tomcat logs starting with “[Invicti-debug]”.
- Save the Dockerfile and exit the nano editor
5. Build your Docker Image and Start a Container
- Run the following commands on the docker host:
docker build -t myspringapp:test
docker run --publish 8080:8080 --detach --name myspringapp myspringapp:test
Now, you are ready to scan your new Spring Boot web application with Invicti.