HCL AppScan on Cloud Help
Deploying an IAST agent

Deploy the IAST agent on the application server so it can monitor communication with the application and report to ASoC.

About this task

You can deploy the following IAST agents:
  • Java IAST agent
  • .NET IAST agent
  • Node.js IAST agent

Sample automation scripts

Two sample Python scripts and a Python library that facilitate automation when working with IAST are available at: https://github.com/hclproducts/asoc_automation_iast