
Invicti IAST for Java - Windows/Linux (JBOSS 7.4 Standalone + WAR File)

This document explains how you can run a Java application in JBOSS and then use Invicti IAST to run an interactive application security testing (IAST) scan for that application.

Step 1: Prepare Invicti IAST for Java

In this example, the test application is deployed to the following URL: http://127.0.0.1:8080/axexample-java/. In a production environment, you need to change this to the hostname you use for your deployment.

  1. Create a new Target for your URL.
  2. Download Invicti IAST for Java from Invicti Platform and retain the iastsensor.jar file for the next step (iastsensor.jar is saved to C:\iastsensor\ in our example). Change the paths accordingly if you are using the Java IAST Sensor on Linux.

Step 2: Deploy Invicti IAST and the required components

Edit the contents of the %JBOSS_HOME%\bin\standalone.conf.bat file and add the following to the bottom of the file:

rem *** iastsensor settings
set "JAVA_OPTS=%JAVA_OPTS% -Diastsensor.debug.log=ON"
set "MODULE_OPTS=-javaagent:C:\iastsensor\iastsensor.jar"
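
The settings above are the Windows form. As an added example (not Invicti's own script), these shell functions write the equivalent lines to standalone.conf on Linux, only once, and refuse a sensor jar that group or other users can modify. The file location $JBOSS_HOME/bin/standalone.conf, the jar path in the usage comment, the function names, and standalone.sh honouring MODULE_OPTS the way standalone.conf.bat does are assumptions.

```shell
#!/bin/sh
# Added example: Linux counterpart of the standalone.conf.bat edit in Step 2.
# Assumed usage (paths are not from the page):
#   . ./iast_conf.sh
#   iast_configure "$JBOSS_HOME/bin/standalone.conf" /opt/iastsensor/iastsensor.jar

# Print the agent path configured in MODULE_OPTS, or nothing if none is set.
iast_agent_path() {
    sed -n 's/^[[:space:]]*MODULE_OPTS=.*-javaagent:\([^" ]*\).*/\1/p' "$1" | tail -n 1
}

# Succeed only if the jar is a readable regular file that group and other
# users cannot modify: the agent runs inside the JVM with the application's
# privileges, so whoever can replace the jar can run code in the server.
iast_jar_ok() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    [ -z "$(find "$1" \( -perm -020 -o -perm -002 \) -print)" ]
}

# Append the sensor settings to the conf file once.
# Returns 0 = configured, 1 = unsafe or missing jar,
#         2 = a different -javaagent is already set in MODULE_OPTS.
iast_configure() {
    conf=$1 jar=$2
    iast_jar_ok "$jar" || return 1
    current=$(iast_agent_path "$conf")
    [ "$current" = "$jar" ] && return 0
    [ -n "$current" ] && return 2
    cat >> "$conf" <<EOF

# *** iastsensor settings
JAVA_OPTS="\$JAVA_OPTS -Diastsensor.debug.log=ON"
MODULE_OPTS="-javaagent:$jar"
EOF
}
```

After restarting JBOSS, `iast_agent_path` on the same file shows which jar the server will load.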

Step 3: Deploy your application and start your JBOSS server

  1. Ensure that your web application is deployed.
  2. From the command line, navigate to your %JBOSS_HOME%\bin folder, and launch JBOSS.

Step 4: Test and scan your web application

  1. Point your browser to your web application to confirm it's running as intended.
  2. Run a scan on your Target. The Vulnerability detail confirms that Invicti IAST was detected and used for the scan.
