Configuring IAST Communication Service in AppScan Enterprise Server

You must configure the IAST Communication Service before you can start using IAST. To communicate with the IAST agents, AppScan Enterprise has a dedicated service, which you must configure.

Before you begin

  • You must be an Administrator to configure an IAST Communication Service on the AppScan Enterprise server.
  • You must stop all the scans that are currently being run by the AppScan Enterprise server.
  • You must have created an application in the Portfolio tab of the Monitor view in AppScan Enterprise. For more information on creating an application, see Creating an application.
Note: In AppScan Enterprise V10.0.3 and later, the IAST Communication Service is automatically configured when you run the Configuration Wizard.
Note: At present, running the ASEAdminUtil might not reset the service account password of the HCL AppScan IAST Communication Service. You can reset this password either through the Configuration Wizard or manually in the Windows Service properties. For information about the workaround for the service account password reset, see Known Issues and Workarounds.

About this task

This section helps you configure the IAST Communication Service in the AppScan Enterprise server.

Procedure

  1. Log in to the system where you have installed the AppScan Enterprise server.
  2. Go to the C:\Program Files (x86)\IBM\AppScan Enterprise\IASTService\config folder.
    Note: The AppScan Enterprise installation folder location may vary depending on your system configuration.
  3. Open the iast_service.properties file that is available in the folder.
  4. In the iast_service.properties file, find each configuration property line and change the configuration details as explained in the following table:

    Property: jdbc:sqlserver://localhost:1433
    Configuration changes: Replace localhost with the host details of the SQL server where you have installed AppScan Enterprise.

    Property: databaseName=<db_name>
    Configuration changes: Replace <db_name> with the name of the database for which you have configured AppScan Enterprise.

    Property: server.ssl.key-store=iast.jks
    Configuration changes: Specifies the IAST certificate. The IAST certificate, iast.jks, is available in the IASTService folder.

      Depending on the certificate you are using, configure the property as follows:
      • If you are using a self-signed certificate, retain the default configuration of this property.
      • If you are using a CA certificate, you must configure the certificate location in this property.

    Property: service.ase.url
    Configuration changes: Specify the AppScan Enterprise Liberty URL.

      The following URL syntax example shows the structure of the AppScan Enterprise URL and its components:

      https://<hostname>:<port number of AppScan Enterprise>/<AppScan Enterprise instance name>

      Where,
      • Hostname: IP address of the server where the AppScan Enterprise server is installed.
      • Port number of AppScan Enterprise: The port number on which the AppScan Enterprise server application is configured in the Liberty server. 9443 is set as the default port number for the AppScan Enterprise server application during installation.
      • AppScan Enterprise instance name: AppScan Enterprise server instance.

    Property: service.ase.key and service.ase.secret
    Configuration changes: Generate the key and secret using the API POST /account/apikey. For more information about the account/apikey API, refer to the Swagger documentation.
  5. Save the iast_service.properties file.
  6. Restart the AppScan Enterprise server.
  7. After the server restarts, you must start the IAST service as follows:
    1. Go to the C:\Program Files (x86)\IBM\AppScan Enterprise\IASTService folder.
    2. Double-click startup.bat.
      Tip: You can also run this command from the command-line window.
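
A pre-restart check for the step 4 edits, as an added example that is not part of the product or its documentation: it flags template values left in iast_service.properties and a service.ase.url that does not match the URL syntax given in step 4. The sample file contents are constructed, and EXAMPLE_JDBC_KEY is a placeholder because the page does not name the property that holds the JDBC URL.

```python
import re
from urllib.parse import urlsplit

# Constructed samples; EXAMPLE_JDBC_KEY is a placeholder, the page does not name that key.
TEMPLATE = """EXAMPLE_JDBC_KEY=jdbc:sqlserver://localhost:1433;databaseName=<db_name>
server.ssl.key-store=iast.jks
service.ase.url=https://<hostname>:9443/ase
"""
EDITED = """EXAMPLE_JDBC_KEY=jdbc:sqlserver://192.0.2.10:1433;databaseName=ase_db
server.ssl.key-store=iast.jks
service.ase.url=https://192.0.2.20:9443/ase
service.ase.key=CONSTRUCTED-KEY-ID
service.ase.secret=CONSTRUCTED-SECRET
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # or ! comments."""
    lines = (ln.strip() for ln in text.splitlines())
    pairs = (ln.partition("=") for ln in lines if ln and ln[0] not in "#!" and "=" in ln)
    return {k.strip(): v.strip() for k, _, v in pairs}

def ase_url_ok(url):
    """True if url has the form https://<hostname>:<port>/<instance name>."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError if the port is not numeric
    except ValueError:
        return False
    return (parts.scheme == "https" and bool(parts.hostname) and port is not None
            and bool(parts.path.strip("/")) and not re.search(r"[<>]", url))

def check_iast_properties(text):
    """Return findings for the step 4 properties; an empty list means every check passed."""
    props = parse_properties(text)
    checks = [
        ("<db_name>" in text, "databaseName still holds the <db_name> placeholder"),
        (bool(re.search(r"jdbc:sqlserver://localhost\b", text, re.I)), "JDBC URL still points at localhost"),
        (not props.get("server.ssl.key-store"), "server.ssl.key-store is not set"),
        (not ase_url_ok(props.get("service.ase.url", "")), "service.ase.url is not https://<hostname>:<port>/<instance name>"),
        (not props.get("service.ase.key"), "service.ase.key is empty"),
        (not props.get("service.ase.secret"), "service.ase.secret is empty"),
    ]
    return [msg for failed, msg in checks if failed]

if __name__ == "__main__":
    for name, text in (("template", TEMPLATE), ("edited", EDITED)):
        print(name, check_iast_properties(text) or "OK")
```

Run it against the contents of iast_service.properties after step 5 and before step 6; the findings name properties only and never echo the key or secret values.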

Results

The IAST Communication Service successfully starts.

What to do next

You can download and deploy the IAST agent on a web server where the tested application is installed.