Downloading and deploying Node.js IAST agent type

You can deploy an IAST agent on the tested application's web server that supports Java, .NET, or Node.js based applications. This section explains about creating Node.js agent type on your web server.

Before you begin

  • You have to create an application in the Portfolio tab of the Monitor view in AppScan Enterprise. For more information on creating application in AppScan Enterprise, see Creating an application.

About this task

This section helps you create an Node.js based IAST agent type on the tested application's web server.

Procedure

  1. Log in to the AppScan Enterprise Server application.
  2. Go to the Monitor page > Portfolio tab to view the list of applications available.
  3. Click the application to which you want to download an IAST agent.
    The application page is displayed. For more information on creating an application, see Creating an application
  4. On the left pane, click the IAST Agents.
    The IAST agents page is displayed on the right-pane.
  5. Click Create a new Agent.
    The Getting started with IAST page is displayed.
  6. Click Create a new Agent.
    The IAST agent creation page is displayed.
  7. From the Agent Type drop-down list, select Node.js if the application you are testing is a Node.js based application.
  8. In the Agent Name box, enter a unique name for the agent you are creating for the application. The agent name can contain alphanumeric and special characters with a length of maximum 30 characters.
  9. Click Download Agent. The Check your downloads folder message is displayed and the hclsoftware-secagent.tgz file is downloaded to the system’s default download folder.
  10. Copy the hclsoftware-secagent.tgz file to a folder in your web server.
  11. You must install the Node.js agent type, using the following command:
    .npm install hclsoftware-secagent.tgz
  12. Open the application's package.json file and edit the script start value.
  13. In the start script parameter node index.js insert the script parameter -r @hclsoftware/secagent/src/last.js after the node value as illustrated in the following screen shot.
    Node.js Edit
  14. Run your tested application using the npm start command.

Results

The Node.js IAST agent type is deployed on the web server of the tested application. You can now view all the issues detected by IAST agents in the application's monitor page.