You must configure the IAST Communication Service before you can start using IAST. To
communicate with the IAST agents, AppScan Enterprise has a dedicated service, which you must
configure.
Before you begin
- You must be an Administrator to configure an IAST Communication Service on the AppScan
Enterprise server.
- You must stop all scans that the AppScan Enterprise server is currently running.
- You must have created an application in the Portfolio tab of the Monitor view in AppScan
Enterprise. For more information on creating an application, see Creating an application.
Note: From AppScan Enterprise V10.0.3 and later, the IAST Communication Service is
automatically configured when you run the Configuration Wizard.
Note: At present, running the ASEAdminUtil might not reset the service account password of
HCL AppScan IAST Communication Service. You can reset this password either through the
Configuration Wizard or manually in Windows Service properties. For information about the
workaround for the service account password reset, see Known Issues and Workarounds.
About this task
This section helps you configure the IAST Communication Service in the AppScan Enterprise
server.
Procedure
- Log in to the system where you have installed the AppScan Enterprise server.
- Go to the C:\Program Files (x86)\IBM\AppScan Enterprise\IASTService\config folder.
  Note: The AppScan Enterprise installation folder location may vary depending on your system
  configuration.
- Open the iast_service.properties file that is available in the folder.
- In the iast_service.properties file, find each configuration property line and change the
  configuration details as explained in the following table:
| Property | Configuration changes |
|---|---|
| jdbc:sqlserver://localhost:1433 | Replace localhost with the local host details of the SQL server where you have installed AppScan Enterprise. |
| databaseName=<db_name> | Replace <db_name> with the name of the database to which you have configured AppScan Enterprise. |
| server.ssl.key-store=iast.jks | Specifies the IAST certificate. The IAST certificate, iast.jks, is available in the IASTService folder. Depending on the certificate you are using, configure the property as follows: if you are using a self-signed certificate, retain the default configuration of this property; if you are using a CA certificate, you must configure the certificate location for this property. |
| service.ase.url | Specify the AppScan Enterprise Liberty URL. The URL has the following structure: https://<hostname>:<port number of AppScan Enterprise>/<AppScan Enterprise instance name>, where Hostname is the IP address of the server where the AppScan Enterprise server is installed; Port number of AppScan Enterprise is the port number to which the AppScan Enterprise server application is configured in the Liberty server (9443 is set as the default port number for the AppScan Enterprise server application during installation); and AppScan Enterprise instance name is the AppScan Enterprise server instance. |
| service.ase.key and service.ase.secret | Generate the key and secret using the API POST /account/apikey. For more information about the account/apikey API, refer to the Swagger documentation. |
- Save the iast_service.properties file.
- Restart the AppScan Enterprise server.
- After the server restarts, you must start the IAST service as follows:
  - Go to the C:\Program Files (x86)\IBM\AppScan Enterprise\IASTService folder.
  - Double-click startup.bat.
    Tip: You can also run this command from the command-line window.
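The following PowerShell pre-flight check is an added example, not part of the product documentation or of the product's own tooling. It looks for the defaults that the table above says to change, using a constructed sample file; the key name db.url and the function name Test-IastProperties are placeholders, because the page does not show the key that holds the JDBC string.

```powershell
# Added example: pre-flight check of an edited iast_service.properties.
# $sample is constructed. 'db.url' is a placeholder key; the page does not
# show the key that carries the JDBC string.
$sample = @'
db.url=jdbc:sqlserver://localhost:1433;databaseName=<db_name>
server.ssl.key-store=iast.jks
service.ase.url=http://ase01.example.test:9443/ase
service.ase.key=
service.ase.secret=constructed-secret-value
'@

function Test-IastProperties {
    param([string[]]$Lines)
    $findings = @()
    $props = @{}
    $kept = @()
    foreach ($line in $Lines) {
        $t = $line.Trim()
        if ($t -eq '' -or $t.StartsWith('#')) { continue }   # skip blanks and comments
        $kept += $t
        $k, $v = $t -split '=', 2                             # split on the first '=' only
        $props[$k.Trim()] = "$v".Trim()
    }
    # Defaults from the table that must be replaced before start-up.
    $body = $kept -join "`n"
    if ($body -match 'jdbc:sqlserver://localhost\b') { $findings += 'JDBC host is still the default localhost' }
    if ($body -match 'databaseName=<db_name>') { $findings += 'databaseName still holds <db_name>' }
    # Keystore entry must be present (iast.jks by default, or the CA certificate location).
    if (-not $props['server.ssl.key-store']) { $findings += 'server.ssl.key-store is empty' }
    # service.ase.url must follow https://<hostname>:<port>/<instance name>.
    $uri = $null
    if (-not [Uri]::TryCreate([string]$props['service.ase.url'], [UriKind]::Absolute, [ref]$uri)) {
        $findings += 'service.ase.url is missing or not an absolute URL'
    } elseif ($uri.Scheme -ne 'https') {
        $findings += "service.ase.url uses '$($uri.Scheme)', expected https"
    } elseif ($uri.AbsolutePath.Trim('/') -eq '') {
        $findings += 'service.ase.url has no instance name after the port'
    }
    # Both API credentials must be filled in.
    foreach ($name in 'service.ase.key', 'service.ase.secret') {
        if (-not $props[$name]) { $findings += "$name is empty" }
    }
    return $findings
}

# Run the check against the constructed sample.
Test-IastProperties -Lines ($sample -split "`r?`n")
```

To check the real file, pass the output of Get-Content for iast_service.properties in the config folder to Test-IastProperties; an empty result means none of these defaults remain.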
Results
The IAST Communication Service successfully starts.
What to do next
You can download and deploy the IAST agent on a web server where the tested application is
installed.