Start IAST Session

Install the IAST Agent on your application server, and configure the scan.

Before you begin

Support: Java versions 8 and higher are supported.
Attention: If both the compile-time and the runtime Java versions are 9 or higher, you must add this flag to the java run command:
-Djava.lang.invoke.stringConcat=BS_SB
Note: The scan technically "starts" as soon as this process is complete, but no issues can be discovered until the agent is deployed on the application server.

Procedure

  1. If you have not yet done so: Create an application for your scans.
  2. In the Application, click Create Scan to open the wizard, then select Interactive (IAST).
  3. Click Download Agent to save the agent file to your computer. Creating the file for download may take a few moments, after which the download starts automatically.
  4. Deploy the IAST Agent on your application server.
    The IAST agent is now monitoring traffic to the server. You can see this confirmed in the Scan entry in the application tab. When you run system tests or a DAST scan, issues will be identified and added to the scan entry.
    Important: An IAST Scan does not send its own requests. It can discover issues only if requests are sent to the tested application by a third party, such as system tests, a manual explore, or a DAST Scan.
    Note: An IAST scan stops automatically only if it is configured to stop when the agent gets disconnected, and the agent does get disconnected. Otherwise it continues indefinitely until stopped by the user.

Actions

Once the scan is created, the Actions dropdown offers the following options (as relevant):
  • Generate new key: In case the downloaded key was lost. Note that if you generate a new key, the previous key becomes invalid.
  • Stop: Stops a running scan without deleting it. You can start it again later. If you want a report on the current scan results, go to the All Issues tab.
  • Start: Starts a stopped scan (license permitting). The Issue counter for the scan starts from zero.
  • Cancel: Deletes the scan.