Starting an IAST session
Install the IAST agent on your application server, and configure the scan.
Before you begin
Support: See System Requirements for IAST
Note: The IAST monitoring session technically "starts" as soon as installation is complete, but no issues are discovered until the agent is deployed on the application server.
Procedure
- If you have not yet done so, Create an application for your scans.
- In the Application view, click Create Scan to open the wizard, then click Deploy agent under IAST Interactive Analysis.
- Select Java, Kubernetes, .NET, PHP, or Node.js and click Download to save the relevant agent file to your computer.
  The process of creating the file for download may take a few moments, but then the download starts automatically.
  Note: The downloaded agent includes a key that is valid on multiple servers for the same session, so you can copy the agent to several servers. If you download another agent for the same session, the new agent will have a new key, but the new and old keys will both be valid for the session.
- Deploy the IAST Agent on your application server.
  The IAST agent is now monitoring traffic to the server. You can see this confirmed in the Scan entry in the Application tab. When you run system tests or a DAST scan, issues are identified and added to the scan entry.
  Important: The IAST agent discovers issues by monitoring traffic to the application. It does not itself generate requests. After the IAST agent is installed, issues typically are discovered during functional testing, QA, and DAST scans.
  Note: An IAST scan does not stop automatically. It monitors traffic constantly. You can disable monitoring by stopping the IAST session in the ASoC user interface. However, although this disables most IAST agent activity, the agent continues to communicate with ASoC to detect when the session is started again.
Actions
Once the scan is created, the Actions drop-down offers the following options as appropriate:
- Generate new key: Use this option if the downloaded key was lost. Note: If you generate a new key, the previous key becomes invalid.
- Stop: Stops a running scan without deleting it. You can start it again later. If you want a report on the current scan results, go to the All Issues tab.
- Start: Starts a stopped scan (license permitting). The Issue counter for the scan starts from zero.
- Cancel: Deletes the scan.