This is the section that lets you download the required file to use on your server. This table lists and explains the fields on the Shark (IAST) page. Your production environment may run slower although Invicti Shark consumes limited resources.įor further information, see Changing the DAST Game with Invicti IAST.
We do not recommend installing Invicti Shark on production servers. In this case, the Shark installation would need to be done as part of the CI/CD pipeline. You may install Invicti Shark on virtual machines to perform IAST analysis as part of CI/CD pipelines. 
This is the best place to perform IAST analysis.
You need to install Invicti Shark on your staging servers. The following points provide the best practice in using the Shark: To get the best out of Invicti Shark, you need to use it in the right environment. Invicti Shark works best in specific environments. Shark has only a very minimal impact on resources on the target machine - less than 1% in lab test results. NET, Java, Node.js, and PHP web applications. Invicti is still best in class as a black-box scanner, and the Shark Agent improves accuracy and vulnerability results when scanning. Please note that this agent is generated uniquely for each target website for security reasons.ĭeploying the Shark Agent is optional. Ensuring that the entire web application is scanned, including any hidden and unlinked locations that may be inaccessible to the crawlerįor Invicti Shark to operate, you need to download an agent and deploy it on your server. Complementing existing Proof-based Scanning™ functionality to automatically prove even more vulnerabilities and simplify remediation efforts. Providing additional details to help security teams uncover more vulnerabilities. Showing the exact location of the issue and reporting debug information. Using Shark enables Invicti to provide additional information from the back-end while scanning your web application.īy adding IAST capabilities with the Shark, Invicti provides the following benefits: Invicti provides industry-leading dynamic application security testing (DAST) capabilities to help find vulnerabilities in the target web application. You can run interactive security testing (IAST) with Invicti Shark in your web application in order to confirm more vulnerabilities and further minimize false positives.
0 kommentar(er)
