Support
Invicti Shark (IAST and SCA)

Deploying the Shark agent for Java – Docker and WAR File

This document is for:
Invicti Enterprise On-Demand, Invicti Enterprise On-Premises

Invicti Shark enables you to carry out interactive security testing (IAST) in your web application in order to confirm more vulnerabilities and further minimize false positives. For Invicti Shark to operate, you need to download an agent and deploy it on your server. Please note that this agent is generated uniquely for each target website for security reasons.

This topic explains how to deploy Shark together with your web application into a Docker container.

The Java Shark requires:

  • Deploying aspectjweaver.jar into your web server – provides the integration required for Shark to work with your application
  • Deploying the Invicti Java Shark into your web server – this is unique for each website and can be downloaded by using the Download Java Shark button
  • Configuring your web server to use Load Time Weaving (AspectJWeaver)

This document assumes:

  • You will be using version 1.9.5 (latest at time of writing) of AspectJWeaver.
  • You are logged into the docker host as root, and all files for this web application will be kept in the folder “/root/mywar/”
  • The URL for your WAR web application will be http://<mydockerhostipaddress>:8080/helloworld/

Deploying Invicti Shark in Java – Docker & WAR File consists of 6 steps:

Before, going into details, you need to run the following command on the Spring Boot Docker deployment:

mkdir /root/mywar/

1. Deploying AspectJWeaver for your container

  • Open a terminal
  • Run the following commands to download and deploy AspectJWeaver:
    cd /root/mywar/
    wget -c https://repo1.maven.org/maven2/org/aspectj/aspectjweaver/1.9.5/aspectjweaver-1.9.5.jar
    mv aspectjweaver-1.9.5.jar aspectjweaver.jar

2. Deploying Invicti Shark

  • Create a target website in Invicti for the exact URL of your new web application (for this example: http://<mydockerhostipaddress>:8080/helloworld/)
  • Download Invicti Shark for Java for your web application target
  • Copy the Invicti Shark (Shark.jar) to the docker host into folder /root/mywar/

3. Preparing Environment Variables for Tomcat to use Shark

  • Run the following command on the docker host: nano /root/mywar/setenv.sh
  • This will create a new file. Add this line to the setenv.sh file:
    JAVA_OPTS="$JAVA_OPTS -javaagent:/usr/local/tomcat/lib/aspectjweaver.jar -Dacusensor.debug.log=ON"
  • Exit nano and save the changes to the setenv.sh file.

Note: The parameter “-Dacusensor.debug.log=ON” is optional and should ONLY be used for troubleshooting purposes. If this parameter is retained, this will output Shark logging as additional lines in the Tomcat logs starting with “[Invicti-debug]”.

4. Preparing your web application for your container

  • Build your application called, for example, HelloWorld.war
  • Copy the HelloWorld.war file to the docker host folder /root/mywar/

5. Create Dockerfile for your web application

  • Run the following command to create and edit your Dockerfile:
    nano /root/mywar/Dockerfile
  • Edit the contents of your docker file to show the following:
    FROM tomcat:9.0-alpine
    COPY Shark.jar /usr/local/tomcat/lib/Shark.jar
    COPY aspectjweaver.jar /usr/local/tomcat/lib/aspectjweaver.jar
    COPY HelloWorld.war /usr/local/tomcat/webapps/helloworld.war
    EXPOSE 8080
    CMD ["catalina.sh", "run"]
  • Save the docker file and exit the nano editor

6. Build your Docker Image and Start a Container based on the Image

  • Run the following commands on the docker host:

Confirm your new web application works by pointing your browser to your docker container:

http://<mydockerhostipaddress>:8080/helloworld

Now, you are ready to scan your web application with Invicti.

Invicti Help Center

Our Support team is ready to provide you with technical help.

Go to Help Center This will redirect you to the ticketing system.