Invicti IAST for Java overview

Before deploying Invicti IAST, note the list of supported servers and frameworks.

Environments	Supported Servers and Frameworks
Java Runtime	For any Java Runtime environment that is implemented according to these specifications, the supported versions are: 8.x 11.x 17.x 21.x
Application Servers	Apache Tomcat: v8.5.x v9.x v10.0.x v10.1.x Jetty v10.0.x V11.0.x v12.0.x WildFly v22.x and above JBoss EAP v7.4.x WebSphere Traditional 8.5.5.18+ 9.0.5.5+ WebSphere Liberty 20.0.0.9+
Database Engines	MySQL PostgreSQL Microsoft SQL Server DB2 Oracle Sybase SQLite H2
Other Technologies	Axis Freemarker Velocity Hibernate J2EE - Servlet/JSP Struts 2 Spring Web, Spring Boot Spring Expression, Java Expression Language (EL) JAX-RS and Jersey JavaMail JPA java.beans SAX, DOM JNDI - LDAP

Invicti IAST Network Prerequisites

Invicti IAST makes use of the IAST Bridge. The IAST sensor must be able to communicate with iast.invicti.com to transmit data to the DAST scanning engine.

Invicti IAST needs to be installed in your web application. The following section describes how to deploy Invicti IAST to a Java web application.

Install Invicti IAST for Java

To install the Invicti Java IAST sensor, you need to:

1. Download the Invicti Java IAST sensor (iastsensor.jar) from the Target’s settings in Invicti Platform. For more information, refer to the Introduction to Invicti IAST document.
   info

   The Invicti IAST for Java download includes the Invicti IAST Token, which, by default, is unique for each target. Unless the Token has been changed to be the same for all targets, you need to download the Invicti Java IAST sensor for each Target separately.

2. Save the downloaded Invicti Java IAST sensor to a location on your web server.
3. Deploy the Invicti Java IAST sensor into your web server. This process differs depending on the web server. There are many possible configurations for a Java web server. The linked documents look at the more common web server configuration possibilities. Use one of the following links for more information on how to deploy Invicti IAST for Java on your web application:
   • Deploying Invicti IAST for Java - Tomcat (Windows/Linux/Docker)
   • Deploying Invicti IAST for Java - Docker (Spring Boot)
   • Deploying Invicti IAST for Java - Windows/Linux (JBOSS 7.4 Standalone + WAR File)
   • Deploying Invicti IAST for Java - Windows/Linux (Jetty 10.0.10 + WAR File)
   • Deploying Invicti IAST for Java - Windows/Linux (Wildfly 26.1.1 Final Standalone + WAR File)
   • Deploying Invicti IAST for Java – Linux (WebSphere Liberty 19.0.0.9+ with WAR file)
   • Deploying Invicti IAST for Java in AWS Elastic Beanstalk (Tomcat + WAR File)

---

Need help?

Invicti Support team is ready to provide you with technical help. Go to Help Center