Invicti IAST for Java - Linux (WebSphere Liberty 19.0.0.9+ with WAR file)

This guide explains how you can run a Java application in WebSphere Liberty and then use Invicti IAST to run an interactive application security testing (IAST) scan for that application.

Note: This document assumes WebSphere is installed in /opt/wlp.

Step 1: Prepare Invicti IAST for Java

In this example, the test application is deployed to the following URL: http://websphere-backend-proto.invicti.site:9080/axexample-java/. In a production environment, you need to change this to the hostname you use for your deployment.

  1. Create a new Target for your URL.
  2. Download Invicti IAST for Java from Invicti Platform and retain the iastsensor.jar file for the next step.
  3. On the WebSphere machine:
    • Create a root folder /iastsensor
    • Copy the iastsensor.jar file to /iastsensor/iastsensor.jar

Step 2: Deploy Invicti IAST and required components

  1. On the WebSphere machine:
    • Create a file /opt/wlp/usr/servers/defaultServer/jvm.options, and set the contents as follows:
      -javaagent:/iastsensor/iastsensor.jar
      -Diastsensor.debug.log=ON

Step 3: Deploy your application

  1. Copy your axexample-java.war file into the /opt/wlp/usr/servers/defaultServer/dropins folder.
  2. From the terminal, restart WebSphere with:
      /opt/wlp/bin/server stop
      /opt/wlp/bin/server start
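
Steps 1 to 3 as one re-runnable script (an added example, not part of the original guide or Invicti's tooling). It assumes an existing jvm.options should be kept, so it appends the two agent lines only when they are missing and checks the result before restarting. The function names, the --apply flag and the WLP_HOME/SENSOR_DIR overrides are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code. Defaults are the paths used in this guide;
# WLP_HOME and SENSOR_DIR are overridable (an assumption, handy for a dry run).
WLP_HOME="${WLP_HOME:-/opt/wlp}"
SENSOR_DIR="${SENSOR_DIR:-/iastsensor}"

server_dir() { printf '%s\n' "$WLP_HOME/usr/servers/defaultServer"; }

# Append a line only if that exact line is absent, so existing JVM options
# survive and a re-run does not register the agent twice.
ensure_line() {
    touch "$1"
    if [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]; then
        printf '\n' >> "$1"          # file lacked a trailing newline
    fi
    grep -qxF -e "$2" "$1" || printf '%s\n' "$2" >> "$1"
}

install_sensor() {                   # $1 = downloaded iastsensor.jar
    mkdir -p "$SENSOR_DIR" && cp "$1" "$SENSOR_DIR/iastsensor.jar"
}

configure_agent() {
    ensure_line "$(server_dir)/jvm.options" "-javaagent:$SENSOR_DIR/iastsensor.jar"
    ensure_line "$(server_dir)/jvm.options" "-Diastsensor.debug.log=ON"
}

deploy_war() {                       # $1 = application WAR
    mkdir -p "$(server_dir)/dropins" && cp "$1" "$(server_dir)/dropins/"
}

# Pre-restart check: jar readable, exactly one agent line pointing at it.
verify_setup() {
    [ -r "$SENSOR_DIR/iastsensor.jar" ] || { echo "sensor jar not readable" >&2; return 1; }
    n=$(grep -cxF -e "-javaagent:$SENSOR_DIR/iastsensor.jar" \
        "$(server_dir)/jvm.options" 2>/dev/null || true)
    [ "${n:-0}" -eq 1 ] || { echo "expected 1 agent line, found ${n:-0}" >&2; return 1; }
}

# Usage: sh deploy-iast.sh --apply ./iastsensor.jar ./axexample-java.war
if [ "${1:-}" = "--apply" ]; then
    install_sensor "$2" && configure_agent && deploy_war "$3" && verify_setup || exit 1
    "$WLP_HOME/bin/server" stop
    "$WLP_HOME/bin/server" start
fi
```

The jar must also be readable by the account that runs Liberty, which verify_setup only checks for the user invoking the script.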

Step 4: Test and scan your web application

  1. Point your browser to your web application to confirm it's running as intended.
  2. Run a scan on your target. The Vulnerability detail confirms that Invicti IAST was detected and used for the scan.
