Deploy Invicti Shark for Java - Windows/Linux (Wildfly 26.1.1 Final Standalone + WAR file)
This document explains how you can run a Java application in WildFly and then use Invicti Shark to run an interactive application security testing (IAST) scan for that application.
Step 1: Prepare Invicti Shark for Java
In this example, the test application is deployed to the following URL: http://127.0.0.1:8080/axexample-java/. In a production environment, you need to change this to the hostname you use for your deployment.
- Create a new target for your URL.
- Download Invicti Shark for Java from the Invicti UI and retain the
Shark (IAST and SCA).jarfile for the next step. The file is saved toC:\shark\in this example. Change the paths accordingly if you are using the Java IAST sensor on Linux.
Step 2: Deploy Invicti Shark and the required components
- Windows
- Linux
- Edit the contents of the
%JBOSS_HOME%\bin\standalone.conf.batfile and add the following to the bottom of the file:
rem *** Shark settings
set "JAVA_OPTS=%JAVA_OPTS% -Dacusensor.debug.log=ON"
set "MODULE_OPTS=-javaagent:C:\shark\Shark (IAST and SCA).jar
- Edit the contents of the
%JBOSS_HOME%/bin/standalone.conffile and add the following to the bottom of the file:
# *** Shark settings
JAVA_OPTS="$JAVA_OPTS -Dacusensor.debug.log=ON"
MODULE_OPTS="-javaagent:/shark/Shark (IAST and SCA).jar"
Step 3: Deploy your application and start your WildFly server
- Ensure that your web application is deployed.
- From the command line, navigate to your
%JBOSS_HOME%\binfolder, and launch WildFly.
Step 4: Test and scan your web application
- Point your browser to your web application to confirm it's running as intended.
- Run a scan on your target website URL. The scan summary confirms that Invicti Shark was detected and used for the scan.
Need help?
Invicti Support team is ready to provide you with technical help. Go to Help Center
Was this page useful?