LingZhi IAST has been upgraded to "HuoXian~ DongTai IAST". An independent SaaS version is also provided, which supports third-party component management, general vulnerability detection, unauthorized vulnerability detection, and component-level vulnerability mining.

DongTai IAST SaaS Version: https://iast.huoxian.cn/login

Log in to the IAST Platform

1. Register

  • Fill out the questionnaire to register.

    Notice: Accounts will be created at 10 o'clock am.

  • We will send you the user name and password after registration, once the user has been generated.

2. Login

3. Modify the password

  • After logging in to the IAST platform, click System Configuration and select password modification in the left column to modify the password.

Online Range - Quick Experience of IAST

  • Currently, the online range provides an openrasp test environment, a BenchMark test environment, etc. You can quickly start a cloud environment through the online range to experience the IAST workflow. The following uses the openrasp range mirror as an example.

1. Configure the online range IAST token

  • Log in to the IAST platform

  • Access the "Deploy IAST" feature

  • Select the development language used by the target application (Java)

  • Select the corresponding operating system and version (choose 1.8 for JDK 1.8 and below, choose 1.9 for JDK 1.8 and above)

  • Copy the TOKEN


  • Log in to the range; the range account is the same as the IAST account

  • Click System Settings, enter the token configuration page, paste the previously copied token, click Modify to save


2. Download the range mirror (using the mirror openrasp1-3-6 as an example)

  • Click Mirror Management, then click Download next to the corresponding mirror (here, openrasp1-3-6); a prompt box pops up and the range starts downloading


  • After the download succeeds, check whether the description of the current range lists an access path (for example, the access paths for openrasp1-3-6 are /wxpay-xxe and /vulns). If so, copy it, click to enter the range, and paste the access path to access the project

  • After the project has launched successfully, go to the IAST platform; the newly launched application appears on the Engine Management page in System Configuration

3. Create project

  • Enter the Project Configuration page and click New Project

  • Create a new project, fill in the basic settings and save

4. Detect vulnerabilities

After the project is created, you can access the application normally and trigger the API to detect vulnerabilities; the detected vulnerabilities can be seen on the Project Details page or on the Application Vulnerabilities page.

Local Application - Install IAST

1. Download Agent

  • Log in to the IAST platform
  • Access the "Deploy IAST" feature
  • Select the development language (Java) used by the target application
  • Select the corresponding operating system and version (choose 1.8 for JDK 1.8 and below, choose 1.9 for JDK 1.8 and above)
  • Enter the download and configuration page, follow the steps to complete the download and configuration

2. Configure the agent and start the application (SpringBoot as an example)

SpringBoot applications are packaged as a jar by default and started with java -jar app.jar; to install the agent on this type of application, you only need to add a parameter to the startup command:

java -javaagent:/path/to/agent.jar -Dproject.name=<project name> -jar app.jar

Note: -Dproject.name=<project name> is an optional parameter. When <project name> matches the name of a created project, the agent is automatically associated with that project; if you do not configure this parameter, you need to bind the agent manually in project management.

After the application is started, you can see the newly launched agent on the Engine Management page in the System Configuration. If -Dproject.name=<project name> is not specified, the project name defaults to Demo Project.
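
The start command above, built by a small POSIX shell helper, as an added example that is not DongTai project code. The function names agent_argv and agent_before_jar and the demo file names are assumptions made for illustration; the second function checks the ordering the JVM requires, since options placed after the application jar are passed to the application and the agent is never loaded.

```shell
#!/bin/sh
# Added example, not DongTai project code. Paths and the project name used in
# the demo at the bottom are constructed samples.

# agent_argv AGENT_JAR APP_JAR [PROJECT_NAME]
# Prints the launch command from the quickstart, one argument per line.
# JVM options (-javaagent, -D) are placed before -jar: anything after the
# application jar is handed to the application, not to the JVM.
agent_argv() {
  [ -r "$1" ] || { echo "agent jar not readable: $1" >&2; return 1; }
  [ -r "$2" ] || { echo "application jar not readable: $2" >&2; return 1; }
  printf '%s\n' java "-javaagent:$1"
  # -Dproject.name is optional; without it the agent is bound manually.
  [ -z "${3:-}" ] || printf '%s\n' "-Dproject.name=$3"
  printf '%s\n' -jar "$2"
}

# agent_before_jar ARG...
# Succeeds only if a -javaagent: option appears before -jar, i.e. the JVM
# will actually load the agent. Use it to review an existing start command.
agent_before_jar() {
  for arg in "$@"; do
    case $arg in
      -javaagent:*) return 0 ;;
      -jar) return 1 ;;
    esac
  done
  return 1
}

# Demo with constructed stand-in files (no JVM is started).
demo_dir=$(mktemp -d)
: > "$demo_dir/agent.jar"
: > "$demo_dir/app.jar"
agent_argv "$demo_dir/agent.jar" "$demo_dir/app.jar" "Demo Shop"
agent_before_jar java -jar app.jar -javaagent:/path/to/agent.jar \
  || echo "misordered: agent option after the jar goes to the application"
rm -rf "$demo_dir"
```

Quoting each argument separately keeps a project name that contains spaces intact as a single -Dproject.name value.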

3. Create project

Enter the Project Configuration page. If you used the -Dproject.name=<project name> parameter, the agent is automatically associated with the project. To associate the project with other agents, configure this separately in the settings.

4. Detect vulnerabilities

After the project is created, you can access the application normally and trigger the API to detect vulnerabilities; the detected vulnerabilities can be seen on the Project Details page or on the Application Vulnerabilities page.
