Deploying Shark (IAST) in Invicti Enterprise On-Premises
You can run interactive security testing (IAST) with Invicti Shark in your web application in order to confirm more vulnerabilities and further minimize false positives.
By adding IAST capabilities through Shark, Invicti provides the following benefits:
- Showing the exact location of the issue and reporting debug information
- Providing additional details to help security teams uncover more vulnerabilities
- Complementing existing Proof-based Scanning™ functionality to automatically prove even more vulnerabilities and simplify remediation efforts
- Ensuring that the entire web application is scanned, including any hidden and unlinked locations that may be inaccessible to the crawler
For Invicti Shark to operate, you need to download an agent and deploy it on your server. For security reasons, this agent is generated uniquely for each target website. Deploying the Shark sensor is optional.
Best practices for using Invicti Shark
Invicti Shark delivers optimal results when deployed in the right environment. Follow these guidelines for the best experience:
- Staging Servers: Install Invicti Shark on your staging servers to perform IAST analysis effectively. This is the ideal environment for such operations.
- CI/CD Pipelines: You can install Invicti Shark on virtual machines as part of CI/CD pipelines to integrate IAST analysis into your development process. In this setup, ensure that the Shark installation is configured within the CI/CD pipeline.
- Avoid Production Servers: We do not recommend installing Invicti Shark on production servers. Although it uses minimal resources, it could still impact the performance of your production environment.
For more information, refer to Changing the DAST Game with Invicti IAST.
How to download Shark sensors in Invicti Enterprise On-Premises
- Select Scans > New Scan from the left-side menu.
- Fill in the Target URL and Scan Profile.
- From the Scan Settings, select Shark (IAST and SCA).
- Select the Enable Shark checkbox.
- In the Server Platform drop-down, specify the platform and click Save As. The options are:
  - .Net
  - PHP
  - JAVA
  - Node.js
The download starts immediately.
- From the Advanced Settings, you can:
  - Select the I have a token I would like to reuse checkbox and enter your token, if you already have one.
  - Enter the Bridge URL and Port only if you want to override the default settings.
How to set up a custom Bridge service for Invicti Shark (IAST)
You can either use the bridge service provided by Invicti or install the Invicti IAST Bridge to set up a custom bridge service.
Prerequisites:
- Install the Invicti IAST Bridge.
Follow these steps to set up a custom Bridge for Invicti Shark:
- Press the Windows logo key.
- Type Services.
- Ensure that the Invicti IAST Bridge service is running.
NOTE: By default, the Invicti IAST Bridge service listens on port 7880 over HTTPS.
- Log in to Invicti Enterprise.
- Select Settings > General from the left-side menu.
- Go to the IAST Bridge section.
- Enter your custom URL in the Default Bridge URL field (for example: https://52.58.213.161:7880).
- Click Save at the bottom of the page.
IMPORTANT: If you change the Bridge URL after installing Invicti Shark sensors, you must reinstall those sensors so that the change takes effect.
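The two conditions the steps above depend on, the Invicti IAST Bridge service being up and the bridge being reachable over HTTPS on its port, can be checked from the host before the URL is saved in Settings > General. The script below is an added example written for this page, not an Invicti tool. It assumes the service's display name in Services is "Invicti IAST Bridge" (as the steps show), that the bridge uses the default port 7880 over HTTPS, and it uses a placeholder host name that you replace with your own bridge address.

```powershell
# Added example (not part of Invicti's product): pre-flight check for a custom IAST Bridge.
# Assumptions: service display name "Invicti IAST Bridge"; default port 7880; HTTPS.
# $BridgeHost is a placeholder; pass the address you intend to put in the Default Bridge URL field.
param(
    [string]$BridgeHost = 'bridge.example.internal',   # placeholder, not a real bridge
    [int]$BridgePort = 7880,
    [string]$ServiceDisplayName = 'Invicti IAST Bridge'
)

function Test-BridgeService {
    # Returns $true only if the bridge service exists and is in the Running state.
    param([string]$DisplayName)
    $svc = Get-Service -DisplayName $DisplayName -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Warning "Service '$DisplayName' was not found in Services."
        return $false
    }
    Write-Host "Service '$DisplayName' status: $($svc.Status)"
    return ($svc.Status -eq 'Running')
}

function Test-BridgeTls {
    # Opens a TCP connection and completes a TLS handshake, validating the certificate
    # chain the same way a Shark sensor would. Validation failures are reported, not bypassed,
    # because a sensor that cannot trust the bridge certificate will not relay findings either.
    param([string]$TargetHost, [int]$Port)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($TargetHost, $Port)
    } catch {
        Write-Warning "TCP connection to ${TargetHost}:${Port} failed: $($_.Exception.Message)"
        return $false
    }
    try {
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($TargetHost)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        Write-Host "TLS handshake OK ($($ssl.SslProtocol)); certificate subject: $($cert.Subject); expires: $($cert.NotAfter)"
        return $true
    } catch {
        Write-Warning "TLS handshake with ${TargetHost}:${Port} failed: $($_.Exception.Message)"
        return $false
    } finally {
        $client.Close()
    }
}

$serviceOk = Test-BridgeService -DisplayName $ServiceDisplayName
$tlsOk     = Test-BridgeTls -TargetHost $BridgeHost -Port $BridgePort

if ($serviceOk -and $tlsOk) {
    Write-Host "Bridge checks passed. Enter https://${BridgeHost}:${BridgePort} in the Default Bridge URL field."
} else {
    Write-Host "Resolve the failing check before saving the Bridge URL; sensors installed before a URL change must be reinstalled."
}
```

Run it on the machine that hosts the bridge (or any host the Shark sensors will connect from) with `.\Test-IastBridge.ps1 -BridgeHost <your bridge address>`. A passing TCP connection with a failing TLS handshake usually points at a certificate the sensor host does not trust, which is worth fixing before sensors are generated, since the IMPORTANT note above means a later URL change forces a reinstall.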
The process for deploying Invicti Shark on your server is explained in the following documents:
- How to install the PHP Shark
- How to install the .NET Shark (Invicti Enterprise Only)
- How to install the JAVA Shark
- How to install the Node.js Shark
Fields on the Shark (IAST) Page
This section lists and explains the fields available on the Shark (IAST) page.
Installation Files - This section allows you to download the necessary files for use on your server.
Server Platform - Select your server platform (e.g., PHP, Java) to download the appropriate files for your server.
Advanced Settings - Use this section to override the default Shark Token and Bridge URL/Port settings.
- If you need to override the default settings, ensure changes are made before downloading any files for your server.
Shark Token - The Shark Token secures communication between the Invicti scanner and the IAST Shark agent. A unique token is automatically generated for each website’s Shark agent installation.
- If you already have a token, select the I have a token I would like to reuse checkbox and enter your token.
- This field is mandatory.
Bridge URL and Port - The Bridge URL and Port specify the IAST Bridge's address, which relays information from the Shark agent to the Invicti Scanning Engine.
- The default Bridge URL and Port can be configured on the General Settings page. You can override these settings on the Shark configuration page for individual websites.
- You may use the Bridge URL provided by Invicti or configure a custom Bridge. For more information, see Setting a Custom Bridge URL for Invicti Shark (IAST).
- Ensure that the Shark can connect to the specified address and port.
- This field is mandatory for Java, .NET, and Node.js.