Invicti IAST for .NET - AWS Elastic Beanstalk

Invicti IAST Network Prerequisites

IAST makes use of the IAST Bridge. The IAST sensor must be able to communicate with iast.invicti.com to transmit data to the DAST scanning engine.

This document shows how to run a .NET application in AWS Elastic Beanstalk and then use Invicti IAST to run an interactive application security testing (IAST) scan for that application. There are 5 steps to this process.

Step 1: Create your Target in Invicti Platform

For this example, we assume that the URL for your Target is http://eb.invictiexample.com.

  1. Create a Target in Invicti Platform with your URL.
  2. Configure your Target settings to enable Invicti IAST. For more information, refer to the Introduction to Invicti IAST document.
  3. Download the Invicti IAST sensor file, dotnet-iastsensor.zip, and save it for later use.

Step 2: Create your web application using Visual Studio

  1. Select File > New > Project from the menu.
  2. Search for "web application", then select ASP.NET Web Application (.NET Framework), and click Next.
  3. Set your Project name (in this example we're using axexample-dotnet), then click Create.
  4. Select the Empty template, clear the Configure for HTTPS option, then click Create.
  5. Right-click on your project name and select Add > HTML Page from the context menu.
  6. Set the Item name field to index and click OK.
  7. Edit your index.html file to read as follows:

     <!DOCTYPE html>
     <html>
     <head>
         <meta charset="utf-8" />
         <title></title>
     </head>
     <body>
         <h1>Test dotNET Site Example for AWS Elastic Beanstalk</h1>
         <br>
         Hello World! - Main Page
         <br>
         <a href="/page1.html">Goto Page 1</a>
     </body>
     </html>

  8. Repeat the process to create a page1.html file. Edit your page1.html file to read as follows:

     <!DOCTYPE html>
     <html>
     <head>
         <meta charset="utf-8" />
         <title></title>
     </head>
     <body>
         <h1>Test dotNET Site Example for AWS Elastic Beanstalk</h1>
         <br>
         Hello World! - Page 1
         <br>
         <a href="/">Goto Main Page</a>
     </body>
     </html>

  9. Save your changes to your index.html and page1.html files.
  10. Right-click on your project name and select Publish from the context menu.
  11. Select the Web Server (IIS) target, then click Next.
      [Figure: Publish to Web Server (IIS)]
  12. Select the Web Deploy Package specific target, then click Next.
  13. Set the Package location to the folder where you want to keep your files and set the Site name. Then click Finish. In our example, we have set the package location to C:\axexample-dotnet\axexample-dotnet.zip and the site name to axexample-dotnet.
      [Figure: Set Package Location and Site Name]
  14. Click Publish.

  15. Using Windows Explorer, navigate to your version of the C:\axexample-dotnet folder and remove the following files:

    • axexample-dotnet.deploy.cmd
    • axexample-dotnet.deploy-readme.txt
    • axexample-dotnet.SourceManifest.xml

    Your folder should now only contain the following two files:

    • axexample-dotnet.zip
    • axexample-dotnet.SetParameters.xml

Step 3: Complete your application source code bundle

This simple web application is defined through the following file structure:

  • C:\axexample-dotnet\.ebextensions
  • C:\axexample-dotnet\.ebextensions\iastsensor.config
  • C:\axexample-dotnet\aws-windows-deployment-manifest.json
  • C:\axexample-dotnet\axexample-dotnet.SetParameters.xml
  • C:\axexample-dotnet\axexample-dotnet.zip
  • C:\axexample-dotnet\dotnet-iastsensor.zip

  1. Create your C:\axexample-dotnet\.ebextensions folder.
  2. Create your C:\axexample-dotnet\.ebextensions\iastsensor.config file to read as follows:

     files:
       "C:\\Program Files\\Amazon\\ElasticBeanstalk\\hooks\\appdeploy\\post\\90create_folder.bat":
         content: mkdir C:\iastsensor
       "C:\\Program Files\\Amazon\\ElasticBeanstalk\\hooks\\appdeploy\\post\\91extract_iastsensor.bat":
         content: powershell Expand-Archive -force C:\staging-previous\dotnet-iastsensor.zip -DestinationPath C:\iastsensor
       "C:\\Program Files\\Amazon\\ElasticBeanstalk\\hooks\\appdeploy\\post\\92inject_iastsensor.bat":
         content: |
           "C:\iastsensor\.NET Framework\injector.exe" -m inject -t http://localhost:80/

  3. Create your C:\axexample-dotnet\aws-windows-deployment-manifest.json file to read as follows:

     {
       "manifestVersion": 1,
       "deployments": {
         "msDeploy": [
           {
             "name": "axexample-dotnet",
             "parameters": {
               "appBundle": "axexample-dotnet.zip",
               "iisPath": "/"
             }
           }
         ]
       }
     }

  4. Copy the dotnet-iastsensor.zip file you downloaded earlier into C:\axexample-dotnet\dotnet-iastsensor.zip.
  5. Build the source code bundle from the command line with:

     powershell Compress-Archive -Path C:\axexample-dotnet\* -DestinationPath %USERPROFILE%\Desktop\axexample-dotnet-aws.zip

  6. Retain your zip file for the deployment.
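
The following PowerShell script is an added example, not part of Invicti's documentation. It checks that the bundle built above has the files from the Step 3 list at its root and that each appBundle named in the manifest is inside the archive. The function name Test-IastBundle and the parameter $BundlePath are hypothetical; the default path is the output of the Compress-Archive command above.

```powershell
# Added example (not Invicti code): check the bundle layout before uploading it.
param(
    # Default is the output path of the Compress-Archive command in this step.
    [string]$BundlePath = "$env:USERPROFILE\Desktop\axexample-dotnet-aws.zip"
)

Add-Type -AssemblyName System.IO.Compression.FileSystem

function Test-IastBundle {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    $problems = New-Object 'System.Collections.Generic.List[string]'
    $zip = [System.IO.Compression.ZipFile]::OpenRead((Resolve-Path $Path).Path)
    try {
        # Index entries by name; some Compress-Archive versions write '\' separators.
        $entries = @{}
        foreach ($e in $zip.Entries) { $entries[$e.FullName.Replace('\', '/')] = $e }

        # Files that must sit at the bundle root (from the Step 3 file list).
        $manifestName = 'aws-windows-deployment-manifest.json'
        foreach ($name in '.ebextensions/iastsensor.config', $manifestName, 'dotnet-iastsensor.zip') {
            if (-not $entries.ContainsKey($name)) { $problems.Add("missing: $name") }
        }

        # Every appBundle named in the manifest must also be inside the bundle.
        if ($entries.ContainsKey($manifestName)) {
            $reader = New-Object System.IO.StreamReader($entries[$manifestName].Open())
            try { $manifest = $reader.ReadToEnd() | ConvertFrom-Json }
            finally { $reader.Dispose() }
            foreach ($d in $manifest.deployments.msDeploy) {
                $app = $d.parameters.appBundle
                if (-not $app -or -not $entries.ContainsKey($app)) {
                    $problems.Add("manifest appBundle not in bundle: $app")
                }
            }
        }
    }
    finally { $zip.Dispose() }
    return ,$problems
}

$problems = Test-IastBundle -Path $BundlePath
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output "Bundle layout OK: $BundlePath"
```

A missing .ebextensions/iastsensor.config entry means the post-deployment hooks are never written, so the application deploys without the sensor being injected.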

Step 4: Deploy your web application to AWS Elastic Beanstalk

  1. From your AWS Dashboard, navigate to Elastic Beanstalk > Environments.
  2. Click Create a new environment.
     [Figure: Create a new environment in AWS.]
  3. Set your environment tier to Web server environment, then click Select.
     [Figure: Select Web server environment.]
  4. Set the Application name field to the name of your web application. (In this example we have used the name axexample-dotnet.)
     [Figure: Set Application Name.]
  5. Set the Platform drop-down to .NET on Windows Server.
     [Figure: Set Platform to .NET on Windows Server.]
  6. Enable the Upload your code option, then click Choose file.
     [Figure: Upload your code.]
  7. Select your source code bundle for upload (in our example, axexample-dotnet.zip) and click Create environment. AWS Elastic Beanstalk now creates your environment. This can take a few minutes.
  8. When the process is complete you are sent to your environment's dashboard. Take note of your environment's new URL which was created automatically by AWS Elastic Beanstalk. You need this to create a CNAME to point to this URL.
     [Figure: AWS Environment Dashboard with URL.]
  9. Create a CNAME for your URL to point to your environment's new URL that was created automatically by AWS Elastic Beanstalk. In our example, we used the Namecheap cPanel interface to create a CNAME for eb.invictiexample.com to point to axexampledotnet-env.eba-phzhexiv.us-east-1.elasticbeanstalk.com.
  10. Once the CNAME record has been added (giving time for DNS records to propagate), you can see the web application you have created by browsing to your URL (in this example http://eb.invictiexample.com).

Step 5: Test and scan your web application

  1. Point your browser to your web application (in this example http://eb.invictiexample.com) to confirm it is running as intended. You get the following:
     [Figure: Test .NET site example for AWS Elastic Beanstalk.]
  2. Run a scan on your Target. The Vulnerability detail confirms that Invicti IAST was detected and used for the scan.
