You can deploy an IAST agent on the tested application's web server that supports Java,
.NET, or Node.js based applications. This section explains about creating .NET IAST agent type on
your web server.
Before you begin
- You have to create an application in the Portfolio tab of the Monitor view in AppScan
Enterprise. For more information on creating application in AppScan Enterprise, see Creating an application.
About this task
This section helps you create .NET based IAST agent type on the tested application's web
server.
Procedure
-
Log in to the AppScan Enterprise Server application.
-
Go to the Monitor page > Portfolio tab to view the
list of applications available.
-
Click the application to which you want to download an IAST agent.
-
On the left pane, click the IAST Agents.
The IAST agents page is displayed on the right-pane.
-
Click Create a new Agent.
The Getting started with IAST page is displayed.
-
Click Create a new Agent.
The IAST agent creation page is displayed.
-
From the Agent Type drop-down list, select .NET.
-
In the Agent Name box, enter a unique name for the agent you are creating
for the application. The agent name can contain alphanumeric and special characters with a length of
maximum 30 characters.
-
Click Download Agent.
Note: You must use the NuGet Package Manager to add the IAST agent to your application.
-
To add the .NET IAST agent type to your application using NuGet Package Manager through Visual
Studio, perform the following:
- Open Visual Studio.
- Go to
- Select the folder containing SecAgent package.
- Click the + sign and give the new source a name.
- In the Solution Explorer, right-click on the project you want IAST to monitor, and click
Manage NuGet Packages.
- Type com.HCL.AppScan.IAST.agent in the search bar and select first
package in the results.
- Click Install.
-
Start your application.
The IAST agent is installed.
Results
As you use or test your application (run functional tests, run a Dynamic Scan, or explore
the app manually), the IAST Agent monitors the requests as they are sent, and reports on security
issues it finds.