OWASP Benchmark with IAST agent
About this task
Run OWASP Benchmark with AppScan IAST Java agent
Procedure
- Clone BenchmarkJava and BenchmarkUtils from https://github.com/OWASP-Benchmark.
- Open a command prompt, change to the BenchmarkUtils directory and run mvn install -DskipTests.
- In ASoC: Start an IAST Java session and download the agent zip as described in Starting an IAST session.
- Extract the contents of the zip file.
- In the extracted JAR, locate secagent.jar in the jar_deployment folder and copy it to BenchmarkJava\tools\HCL.
- From a command prompt, run runBenchmark_wHCL.bat, and wait for a few moments until the message '[INFO] Press Ctrl-C to stop the container...' is displayed.
- Open another command prompt and run BenchmarkJava\runCrawler.bat.
- Run BenchmarkJava\createScorecards.bat. The test results can be found in: BenchmarkJava\scorecard\Benchmark_v1.2_Scorecard_for_HCL_AppScan_IAST_v{IAST_version} files
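
The procedure above as one batch script. This is an added example, not a script shipped by HCL or OWASP. It assumes git, mvn and a JDK are on PATH, that the agent zip is already downloaded from ASoC and extracted, that the path to its jar_deployment folder is passed as the first argument, and that the Benchmark scripts are started from inside BenchmarkJava. The script name run_iast_benchmark.bat is hypothetical.

```bat
@echo off
rem Added example: run OWASP Benchmark with the AppScan IAST Java agent.
rem Usage: run_iast_benchmark.bat <path-to-extracted-jar_deployment-folder>
setlocal
if "%~1"=="" (
    echo Usage: %~nx0 ^<jar_deployment-dir^>
    exit /b 1
)
set "JAR_DIR=%~1"

rem Fail early if the agent is missing; without it the Benchmark runs uninstrumented.
if not exist "%JAR_DIR%\secagent.jar" (
    echo secagent.jar not found in "%JAR_DIR%"
    exit /b 1
)

rem Clone both repositories unless they are already present.
if not exist BenchmarkJava git clone https://github.com/OWASP-Benchmark/BenchmarkJava.git || exit /b 1
if not exist BenchmarkUtils git clone https://github.com/OWASP-Benchmark/BenchmarkUtils.git || exit /b 1

rem Install BenchmarkUtils. "call" is needed because mvn is itself a batch script;
rem without it this script would end as soon as mvn finishes.
pushd BenchmarkUtils
call mvn install -DskipTests
if errorlevel 1 (popd & exit /b 1)
popd

rem Copy the agent to the folder named in the procedure.
if not exist BenchmarkJava\tools\HCL mkdir BenchmarkJava\tools\HCL
copy /y "%JAR_DIR%\secagent.jar" BenchmarkJava\tools\HCL\ || exit /b 1

pushd BenchmarkJava
rem runBenchmark_wHCL.bat blocks until Ctrl-C, so start it in its own window
rem (the "another command prompt" of the procedure is this script's window).
start "Benchmark with IAST agent" cmd /k runBenchmark_wHCL.bat
echo Wait until the other window shows "[INFO] Press Ctrl-C to stop the container..."
pause

rem Exercise the test cases while the agent is attached, then build the scorecards.
call runCrawler.bat
if errorlevel 1 (popd & exit /b 1)
call createScorecards.bat
popd
echo Scorecards are written under BenchmarkJava\scorecard
endlocal
```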