
Invicti IAST for PHP - AWS Elastic Beanstalk

AWS Elastic Beanstalk allows you to deploy a web application that can scale to match end-user demand. This simple example demonstrates how you can deploy Invicti IAST together with your web application into AWS Elastic Beanstalk.

Create your Target in Invicti Platform

For this example, we assume that the URL for your target is http://eb.invictiexample.com.

  1. Create a Target with your URL.
  2. Enable Invicti IAST.
  3. Download the Invicti IAST sensor, iastsensor.php, and save the file for later use.

Define the web application source bundle

This simple web application is defined through the following file structure:

  • /.ebextensions/
  • /.ebextensions/iastsensor.config
  • /iastsensor/
  • /iastsensor/iastsensor.php
  • /public/
  • /public/index.php
  • /public/test.php

  1. Create the folders for your source bundle:

      mkdir ~/axexample
      mkdir ~/axexample/.ebextensions
      mkdir ~/axexample/iastsensor
      mkdir ~/axexample/public

  2. Create your ~/axexample/.ebextensions/iastsensor.config file to read as follows:

      files:
        "/etc/php.d/iastsensor.ini" :
          mode: "000755"
          owner: root
          group: root
          content: |
            auto_prepend_file=/var/www/html/iastsensor/iastsensor.php

  3. Create your ~/axexample/public/index.php file to read as follows:

      <?php
      echo "<h1>Test PHP Site Example for AWS Elastic Beanstalk</h1>";
      echo "<br>";
      echo "Welcome to the main page.";
      echo "<br>";
      echo "<a href='test.php'>Go to the test page.</a>";
      ?>

  4. Create your ~/axexample/public/test.php file to read as follows:

      <?php
      echo "<h1>Test PHP Site Example for AWS Elastic Beanstalk</h1>";
      echo "<br>";
      echo "Welcome to the test page.";
      echo "<br>";
      ?>

  5. Copy the iastsensor.php file into ~/axexample/iastsensor/iastsensor.php.
  6. Build the source bundle with:

      cd ~/axexample
      zip -rq axexample.zip .
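
A pre-upload check for the bundle directory built above, as an added example (not part of the original page or of Invicti's tooling): it confirms that the auto_prepend_file path in iastsensor.config resolves to a file shipped in the bundle and that the sensor stays outside the /public document root. The function name check_bundle is hypothetical, and the /var/www/html deployment root is an assumption inferred from the path used in iastsensor.config.

```sh
#!/bin/sh
# Added example, not Invicti's code. Usage: check_bundle ~/axexample
# Assumptions: the bundle root is deployed at /var/www/html (implied by the
# auto_prepend_file path in iastsensor.config) and the document root is "public".
APP_ROOT="/var/www/html"
DOC_ROOT="public"

# check_bundle DIR: print findings; return 0 only if the layout is consistent.
check_bundle() {
    dir="$1"
    cfg="$dir/.ebextensions/iastsensor.config"
    rc=0

    if [ ! -f "$cfg" ]; then
        echo "FAIL: missing .ebextensions/iastsensor.config"
        return 1
    fi

    # Path assigned to auto_prepend_file inside the YAML "content" block.
    target=$(sed -n 's/^[[:space:]]*auto_prepend_file[[:space:]]*=[[:space:]]*//p' \
        "$cfg" | head -n 1 | tr -d '\r')
    if [ -z "$target" ]; then
        echo "FAIL: no auto_prepend_file directive in $cfg"
        return 1
    fi

    # The directive must point inside the deployed application root.
    case "$target" in
        "$APP_ROOT"/*) rel=${target#"$APP_ROOT"/} ;;
        *) echo "FAIL: $target is outside $APP_ROOT"; return 1 ;;
    esac

    # The file it names must actually be shipped in the bundle, otherwise
    # PHP fails to open the prepend file on every request.
    if [ ! -f "$dir/$rel" ]; then
        echo "FAIL: $rel is not in the bundle"
        rc=1
    fi

    # Keep the sensor outside the document root, as in the layout above,
    # so it is loaded by PHP but is not itself a requestable URL.
    case "$rel" in
        "$DOC_ROOT"/*) echo "FAIL: $rel is under the document root"; rc=1 ;;
    esac

    if [ "$rc" -eq 0 ]; then echo "OK: auto_prepend_file -> $rel"; fi
    return "$rc"
}
```

Run it against the bundle directory before the zip step; a non-zero return means the deployed site would either fail to load the sensor or expose it under the document root.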

Deploy your web application to AWS Elastic Beanstalk

  1. From your AWS Dashboard, navigate to Elastic Beanstalk > Environments.
  2. Click Create a new environment.
  3. Set your environment tier to Web server environment. Then click Select.
  4. Set the Application name field to the name of your web application. In this example, we used the name axexample-php.
  5. Set the Platform dropdown to PHP.
  6. Enable the Upload your code option, then click Choose file.
  7. Select your source code bundle for upload, then click Configure more options.
  8. In the Software panel, click Edit.
  9. On the Modify software page, set the Document root field to /public.
  10. Scroll to the bottom of the Modify software page and click Save.
  11. Scroll to the bottom of the Configure environment page and click Create environment. AWS Elastic Beanstalk now creates your environment. This can take a few minutes.
  12. When the process is complete, you are sent to your environment's dashboard. Take note of your environment's new URL, which was created automatically by AWS Elastic Beanstalk. You need this URL as the destination of the CNAME record you create next.
  13. Create a CNAME for your Target URL to point to your environment's new URL. In our example, we used the Namecheap cPanel interface to create a CNAME for eb.invictiexample.com to point to axexamplephp-env.eba-uyafmbt5.us-east-1.elasticbeanstalk.com.
  14. Once the CNAME record has been added (allowing time for DNS records to propagate), you can see the web application you have created by browsing to your URL (in this example, http://eb.invictiexample.com).

Test and scan your web application

  1. Point your browser to your web application (in this example, http://eb.invictiexample.com) to confirm it is running as intended.
  2. Run a scan on your Target. The Vulnerability detail confirms that Invicti IAST was detected and used for the scan.
