Home
Overview
Learn general information about the product.
Interactive Application Security Testing (IAST) in AppScan Enterprise
Downloading and deploying .NET IAST agent type
You can deploy an IAST agent on the tested application's web server that supports Java, .NET, or Node.js based applications. This section explains about creating .NET IAST agent type on your web server.

Overview
Learn general information about the product.
- Application security management
  Security is about protecting your valuable assets. Some of the most important assets your organization owns are in the form of information, such as intellectual property, strategic plans, and customer data. Protecting this information is critical for your organization to continue to operate, be competitive, and meet regulatory requirements.
- AppScan® Enterprise components
  HCL® AppScan® Enterprise enables organizations to mitigate application security risk, strengthen application security program management initiatives and achieve regulatory compliance. Security and development teams can collaborate, establish policies and scale testing throughout the application lifecycle. Enterprise dashboards classify and prioritize application assets based on business impact and identify high-risk areas, permitting you to maximize your remediation efforts. Performance metrics are provided that help you monitor the progress of your application security programs.
- AppScan Standard components shipped with AppScan Enterprise
  The following table tracks the product versions of AppScan Standard components that are shipped with AppScan Enterprise.
- Getting started with application security management
  Depending on your role, you can get started with different areas of the product.
- What's new in HCL AppScan® Enterprise
- Interactive Application Security Testing (IAST) in AppScan Enterprise
  - Licensing for IAST agent
  - Configuring IAST Communication Service in AppScan Enterprise Server
    The IAST Communication service is automatically configured while running the Configuration Wizard.
  - Downloading and deploying Java IAST agent on Web server
    You have to download and deploy an IAST agent on the tested application's web server to monitor traffic sent during runtime and report vulnerabilities it finds.
  - Downloading and deploying .NET IAST agent type
    You can deploy an IAST agent on the tested application's web server that supports Java, .NET, or Node.js based applications. This section explains about creating .NET IAST agent type on your web server.
  - Downloading and deploying Node.js IAST agent type
    You can deploy an IAST agent on the tested application's web server that supports Java, .NET, or Node.js based applications. This section explains about creating Node.js agent type on your web server.
  - Managing IAST agents in AppScan Enterprise
    AppScan Enterprise can support multiple IAST agents for a single application.
- Supported technologies
- Known issues and workarounds
  These are known issues and their workarounds.
- Deprecated features
  If you are migrating from an earlier release of AppScan® Enterprise, you should be aware of the various features that have been deprecated in this release.
- AppScan Enterprise Legal Notices
- Statement of Good Security Practices

Downloading and deploying .NET IAST agent type

You can deploy an IAST agent on the tested application's web server that supports Java, .NET, or Node.js based applications. This section explains about creating .NET IAST agent type on your web server.

Before you begin

You have to create an application in the Portfolio tab of the Monitor view in AppScan Enterprise. For more information on creating application in AppScan Enterprise, see Creating an application.

About this task

This section helps you create .NET based IAST agent type on the tested application's web server.

Procedure

Log in to the AppScan Enterprise Server application.
Go to the Monitor page > Portfolio tab to view the list of applications available.
Click the application to which you want to download an IAST agent.
The application page is displayed. For more information on creating an application, see Creating an application
On the left pane, click the IAST Agents.
The IAST agents page is displayed on the right-pane.
Click Create a new Agent.
The Getting started with IAST page is displayed.
Click Create a new Agent.
The IAST agent creation page is displayed.
From the Agent Type drop-down list, select .NET.
In the Agent Name box, enter a unique name for the agent you are creating for the application. The agent name can contain alphanumeric and special characters with a length of maximum 30 characters.
Click Download Agent.

Note: You must use the NuGet Package Manager to add the IAST agent to your application.
To add the .NET IAST agent type to your application using NuGet Package Manager through Visual Studio, perform the following:
1. Open Visual Studio.
2. Go to Menu > Tools > Options > NuGet Package Manager > Package Source
3. Select the folder containing SecAgent package.
4. Click the + sign and give the new source a name.
5. In the Solution Explorer, right-click on the project you want IAST to monitor, and click Manage NuGet Packages.
6. Type com.HCL.AppScan.IAST.agent in the search bar and select first package in the results.
7. Click Install.
Start your application.
The IAST agent is installed.

Results

As you use or test your application (run functional tests, run a Dynamic Scan, or explore the app manually), the IAST Agent monitors the requests as they are sent, and reports on security issues it finds.