Deploying Invicti Shark for Java – Windows/Linux (Wildfly 26.1.1 Final Standalone + WAR file)
This guide explains how you can run a Java application in Wildfly and then use Invicti Shark to run an interactive application security testing (IAST) scan for that application.
Step 1: Prepare Invicti Shark for Java
In this example, the test application is deployed to the following URL: http://127.0.0.1:8080/axexample-java/ (in a production environment, you will need to change this to the hostname you will use for your deployment).
- Create a new target for your URL.
- Download Invicti Shark for Java from the Invicti UI and keep the Shark (IAST and SCA).jar file for the next step. In our example, the file is saved to C:\shark\. Change the paths accordingly if you are using the Java IAST sensor on Linux.
Step 2: Deploy Invicti Shark and the required components
Windows:
- Edit the contents of the %JBOSS_HOME%\bin\standalone.conf.bat file and add the following to the bottom of the file:
    rem *** Shark settings
    set "JAVA_OPTS=%JAVA_OPTS% -Dacusensor.debug.log=ON"
    set "MODULE_OPTS=-javaagent:C:\shark\Shark (IAST and SCA).jar"
Linux:
- Edit the contents of the $JBOSS_HOME/bin/standalone.conf file and add the following to the bottom of the file:
    # *** Shark settings
    JAVA_OPTS="$JAVA_OPTS -Dacusensor.debug.log=ON"
    MODULE_OPTS="-javaagent:/shark/Shark (IAST and SCA).jar"
Step 3: Deploy your application and start your Wildfly server
- Ensure that your web application is deployed.
- From the command line, navigate to your %JBOSS_HOME%\bin folder, and launch Wildfly.
Step 4: Test and scan your web application
- Point your browser to your web application to confirm it is running as intended.
- Run a scan on your target website URL. The scan summary will confirm that Invicti Shark was detected and used for the scan.
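A pre-start check for the Linux settings from Step 2, as an added example that is not part of Invicti's documentation or tooling: it reads the -javaagent path from MODULE_OPTS, confirms the jar exists, and rejects a jar that group or other users can write. The function names, exit codes and the permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Invicti's tooling: check the agent entry in standalone.conf.
# Exit codes are this script's own convention:
#   0 ok (prints the jar path), 1 no -javaagent in MODULE_OPTS,
#   2 jar not found, 3 jar writable by group or others.

# Print the jar path from the last uncommented MODULE_OPTS line.
# Assumes the agent path ends in ".jar"; the path may contain spaces.
agent_path_from_conf() {
    sed -n 's/^[[:space:]]*MODULE_OPTS=.*-javaagent:\(.*\.jar\).*$/\1/p' "$1" |
        tail -n 1
}

check_shark_conf() {
    agent_jar=$(agent_path_from_conf "$1") || agent_jar=""
    if [ -z "$agent_jar" ]; then
        echo "no -javaagent entry in MODULE_OPTS: $1" >&2
        return 1
    fi
    if [ ! -f "$agent_jar" ]; then
        echo "agent jar not found: $agent_jar" >&2
        return 2
    fi
    # The agent is loaded into the application server's JVM, so a jar that
    # other accounts can overwrite lets them run code as the server user.
    if [ -n "$(find "$agent_jar" \( -perm -020 -o -perm -002 \))" ]; then
        echo "agent jar is group- or world-writable: $agent_jar" >&2
        return 3
    fi
    printf '%s\n' "$agent_jar"
}

# Usage: sh check_shark_conf.sh "$JBOSS_HOME/bin/standalone.conf"
if [ "$#" -gt 0 ]; then
    check_shark_conf "$1"
fi
```

Run it before Step 3 so that a mistyped path or loose file permissions are caught before the server loads the agent.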