Deploying Invicti Shark for Java – Linux (WebSphere Liberty 19.0.0.9+ with WAR file)
This document is for:
Invicti Enterprise On-Demand
This guide explains how you can run a Java application in WebSphere and then use Invicti Shark to run an interactive application security testing (IAST) scan for that application.
NOTE: This document assumes WebSphere is installed in /opt/wlp
Step 1: Prepare Invicti Shark for Java
In this example, the test application is deployed to the following URL: http://websphere-backend-proto.invicti.site:9080/axexample-java/ (in a production environment, you will need to change this to the hostname you will use for your deployment).
- Create a new target for your URL.
- Download Invicti Shark for Java from the Invicti Enterprise UI and retain the Shark (IAST and SCA) file for the next step.
- On the WebSphere machine:
  - Create a root folder /shark
  - Copy the shark.jar file to /shark/shark.jar
Step 2: Deploy Invicti Shark and required components
On the WebSphere machine:
- Create a file /opt/wlp/usr/servers/defaultServer/jvm.options, and set the contents as follows:
    -javaagent:/shark/shark.jar
    -Dacusensor.debug.log=ON
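The on-server parts of Steps 1 and 2 as a re-runnable shell function that keeps any options already present in jvm.options. This is an added example, not part of the Invicti guide or Invicti's tooling; the variables WLP_HOME, SERVER_NAME and SHARK_JAR, the function names, and the chmod 644 are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Invicti's installer. Defaults are the paths used in this guide;
# the variable and function names are assumptions of this example.
WLP_HOME="${WLP_HOME:-/opt/wlp}"
SERVER_NAME="${SERVER_NAME:-defaultServer}"
SHARK_JAR="${SHARK_JAR:-/shark/shark.jar}"

# Append one option line to jvm.options unless that exact line is already present.
add_jvm_option() {
    file=$1
    opt=$2
    [ -f "$file" ] || : > "$file"
    if grep -qxF -e "$opt" "$file"; then
        return 0
    fi
    # jvm.options takes one option per line: terminate an unfinished last line first.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        echo >> "$file"
    fi
    printf '%s\n' "$opt" >> "$file"
}

# Copy the downloaded agent ($1) into place and register it with the server.
deploy_shark_agent() {
    src=$1
    server_dir="$WLP_HOME/usr/servers/$SERVER_NAME"
    if [ ! -f "$src" ]; then
        echo "agent jar not found: $src" >&2
        return 1
    fi
    if [ ! -d "$server_dir" ]; then
        echo "server directory not found: $server_dir" >&2
        return 1
    fi
    mkdir -p "$(dirname "$SHARK_JAR")" || return 1
    cp "$src" "$SHARK_JAR" || return 1
    # The jar runs inside the application JVM; this example keeps it
    # writable by its owner only (a choice made here, not a vendor requirement).
    chmod 644 "$SHARK_JAR" || return 1
    add_jvm_option "$server_dir/jvm.options" "-javaagent:$SHARK_JAR" || return 1
    add_jvm_option "$server_dir/jvm.options" "-Dacusensor.debug.log=ON"
}

# Usage (as root on the WebSphere machine): deploy_shark_agent ./shark.jar
```

Running it a second time leaves jvm.options unchanged, so it is safe to repeat after downloading a newer shark.jar.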
Step 3: Deploy your application
- Copy your axexample-java.war file into the /opt/wlp/usr/servers/defaultServer/dropins folder.
- From the terminal, restart WebSphere with:
    /opt/wlp/bin/server stop
    /opt/wlp/bin/server start
Step 4: Test and scan your web application
- Point your browser to your web application to confirm it is running as intended.
- Run a scan on your target. The scan summary will confirm that Invicti Shark was detected and used for the scan.