Deploying Invicti Node.js IAST sensor

Invicti IAST network prerequisites

Invicti IAST makes use of the IAST Bridge. The IAST sensor must be able to communicate with iast.invicti.com to transmit data to the DAST scanning engine.

Before deploying Invicti IAST, note the list of supported servers and frameworks.

Environment	🔍 Supported Servers and Frameworks
NodeJS Runtime	Tested on Windows: v10, v12, v14, v16, v18, v20 Tested on Ubuntu 20: v10, v12, v14, v16, v18, v20
Database Clients	better-sqlite3 Knex (PostgreSQL, CockroachDB, MSSQL, MySQL, MariaDB, SQLite3, Better-SQLite3, Oracle, and Amazon Redshift) MySQL PostgreSQL Sequelize (Oracle, Postgres, MySQL, MariaDB, SQLite and SQL Server) SQLite3
Routers	Director Express find-my-way koa-router LoopBack 4 Restify Router
Templating	EJS Handlebars Pug
Others	Axios (http-request) ldapjs (ldapquery) Libxmljs (xmlparser) Needle (http-request) Nodemailer (sendmail)

To deploy Invicti IAST, you should remember that you need to invoke the sensor when launching the Node application.

Deploying Invicti IAST requires the following steps.

Step 1: Download Invicti IAST for your Target

The instructions to download the Invicti IAST file can be found in the Introduction to Invicti IAST document.

Step 2: Copy the Invicti IAST to the Target

For the purposes of this document, we create a dedicated folder inside your operating system's ROOT folder to hold the Invicti IAST file.

Windows
Linux

Create a folder C:\iastsensor\
Copy the node-iastsensor.tar file into C:\iastsensor\

Create a folder "/iastsensor" with the following command: mkdir /iastsensor/
Use cd to navigate to the folder which contains your downloaded Invicti IAST file and run the following command: cp node-iastsensor.tar /iastsensor/

Step 3: Launch your Node.js web application invoking the Invicti IAST

Windows
Linux

Use cd to navigate to the folder that contains your web application (where the "app.js" file resides) and run the following commands:

npm install \iastsensor\node-iastsensor.tar --no-save
npx node-iastsensor app.js

Use cd to navigate to the folder that contains your web application (where the "app.js" file resides) and run the following commands:

npm install /iastsensor/node-iastsensor.tar --no-save
npx node-iastsensor app.js

Uninstall Invicti IAST

Windows
Linux

Navigate to the folder where the Invicti IAST sensor is installed and run this command: npm remove node-iastsensor
Remove the C:\iastsensor\node-iastsensor.tar file and then remove the C:\iastsensor folder

Navigate to the folder where the Invicti IAST sensor is installed and run these commands:
- npm remove node-iastsensor
- rm -rf /iastsensor

tip

Although Invicti IAST sensor files are secured with a unique strong built-in password, it's recommended that the Invicti IAST sensor files are uninstalled and removed from the web application if they're no longer in use.

Need help?

Invicti Support team is ready to provide you with technical help. Go to Help Center

Was this page useful?

Step 1: Download Invicti IAST for your Target​

Step 2: Copy the Invicti IAST to the Target​

Step 3: Launch your Node.js web application invoking the Invicti IAST​

Uninstall Invicti IAST​

Need help?​

Step 1: Download Invicti IAST for your Target

Step 2: Copy the Invicti IAST to the Target

Step 3: Launch your Node.js web application invoking the Invicti IAST

Uninstall Invicti IAST

Need help?