Deploying a .NET IAST agent

You can deploy an IAST agent on an application server that supports Java, .NET, Node.js, or PHP-based applications. This section explains how to create a .NET agent type on your web server.

About this task

Use the NuGet Package Manager to add the IAST agent to your application. The example below applies to Visual Studio, but the procedure is similar for other IDEs.

Procedure

  1. Configure NuGet Package Source:
    1. Open Visual Studio and navigate to Menu > Tools > Options > NuGet Package Manager > Package Source.
    2. Select the folder containing the SecAgent package.
    3. Click the + sign and give the new source a name.
  2. Identify Web Server Projects: Install the IAST agent only on your web server projects, which are typically the projects responsible for serving web content (e.g., ASP.NET Core or ASP.NET MVC projects). Identify these projects by looking for files such as Startup.cs, Controllers, or wwwroot folders.
  3. Install the IAST Agent NuGet: In the Solution Explorer, right-click on the web server project and select Manage NuGet Packages. Search for com.HCL.AppScan.IAST.agent and select the first package in the results. Click Install. Repeat this step for each web server project in your solution.
  4. Set Environment Variable (for .NET Core only): If you're using .NET Core, set the following environment variable:
    "ASPNETCORE_HOSTINGSTARTUPASSEMBLIES": "SecagentCore"
  5. Verify Installation:
    1. For .NET Framework: Open the web.config file and ensure the following lines are added:
      <system.webServer>
        <modules>
          <add name="SecagentModule" type="Secagent.SecagentModule" preCondition="managedHandler" />
        </modules>
      </system.webServer>
      ...
      <appSettings>
        <add key="IASTAgentKey" value="<key to access asoc app>" />
        <add key="IASTHost" value="https://cloud.appscan.com/IAST/" />
        <add key="IASTActive" value="true" />
      </appSettings>
    2. For .NET Core: Ensure that an asoc-config.json file was added to the root folder of your project.
    The agent is now installed. As you use or test your application (by running functional tests, a dynamic scan, or exploring the application manually), the IAST agent will monitor requests and report any security issues it finds.
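
The .NET Framework check in step 5 can be automated in a build or deployment pipeline. The following is an added example, not part of the original procedure or the product: the function name `check_iast_web_config`, the sample agent key, and the extra test that `IASTHost` uses https are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config; the agent key is a made-up value.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.webServer>
    <modules>
      <add name="SecagentModule" type="Secagent.SecagentModule" preCondition="managedHandler" />
    </modules>
  </system.webServer>
  <appSettings>
    <add key="IASTAgentKey" value="constructed-example-key" />
    <add key="IASTHost" value="https://cloud.appscan.com/IAST/" />
    <add key="IASTActive" value="true" />
  </appSettings>
</configuration>"""


def check_iast_web_config(xml_text):
    """Return a list of problems; an empty list means all entries from step 5 are present."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A placeholder left in place as value="<...>" is not well-formed XML and lands here.
        return [f"web.config is not well-formed XML: {exc}"]

    problems = []
    modules = [m for sec in root.iter("system.webServer") for m in sec.findall("modules/add")]
    if not any(m.get("name") == "SecagentModule"
               and m.get("type") == "Secagent.SecagentModule" for m in modules):
        problems.append("SecagentModule is not registered under system.webServer/modules")

    settings = {a.get("key"): (a.get("value") or "").strip()
                for a in root.findall("appSettings/add")}
    if not settings.get("IASTAgentKey"):
        problems.append("IASTAgentKey is missing or empty")
    host = settings.get("IASTHost", "")
    if not host:
        problems.append("IASTHost is missing or empty")
    elif not host.lower().startswith("https://"):
        problems.append("IASTHost does not use https")  # added check, not from the page
    if settings.get("IASTActive", "").lower() != "true":
        problems.append("IASTActive is not set to true")
    return problems


if __name__ == "__main__":
    for line in check_iast_web_config(SAMPLE_WEB_CONFIG) or ["web.config: IAST agent entries present"]:
        print(line)
```

To check a real project, pass the contents of its web.config to `check_iast_web_config` and fail the pipeline step when the returned list is not empty.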