AppSentinels DAST Client Deployment
The AppSentinels DAST (Dynamic Application Security Testing) Client functions as an API penetration testing agent. It connects to the target application, authenticates as a configured user, and tests the application's APIs by generating and injecting malicious payloads to identify vulnerabilities. Because the client logs in as a real user and sends attack traffic, point it at a staging or test instance of the application unless testing against production has been explicitly scoped and approved.
Deployment Options
The DAST Client can be deployed in two ways, depending on where the application under test is reachable from:
SaaS Deployment (Managed by AppSentinels)
- The DAST Client is hosted in AppSentinels' data center.
- Suitable when the application under test is reachable from the AppSentinels infrastructure over the internet.
On-Prem Deployment (Managed by Customer)
- The DAST Client is deployed inside the customer's internal network.
- Both the application under test and the AppSentinels SaaS platform must be reachable from the on-prem environment (the latter outbound over TCP 443).
On-Prem DAST Client Deployment Prerequisites
The following requirements must be met for deploying the AppSentinels DAST Client:
System Requirements
- Operating System: Ubuntu 22.04 or later / Red Hat 8.6 or later
- CPU: 2 cores (x86_64)
- RAM: 6 GB
- Disk Space: 50 GB of free space in the /var partition
Required Packages
- Docker: Version 23.0 or higher
- Docker Compose: Version 1.28.6 or higher (if deploying with docker-compose)
Network Connectivity Requirements
- Outbound TCP port 443 must be open in the firewall so the DAST Client can send data to the AppSentinels Security Platform (the host configured as saas_url).
- The DAST Client must be able to reach the application under test, and the authentication server it logs in through, on the ports the application uses.
- Access to Docker Hub is required to pull the image. The following domains must be reachable (allow-listed on the egress firewall or proxy):
  - docker.io
  - auth.docker.io
  - registry-1.docker.io
  - production.cloudflare.docker.com
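The prerequisites above are easy to verify before pulling the image. The script below is an added example, not AppSentinels tooling: it checks the Docker and Compose versions, the free space under /var, and TCP 443 reachability to the platform, the Docker Hub domains and the application under test, using the thresholds stated on this page. The two inputs SAAS_URL and AUT_URL, the use of curl for the connectivity probe, and the assumption that the application under test is served over HTTPS are this script's own choices.

```shell
#!/usr/bin/env bash
# Added example (not AppSentinels tooling): pre-flight check of an on-prem host
# against the DAST Client prerequisites. Thresholds are taken from the page; the
# two inputs below are this script's own assumptions:
#   SAAS_URL  FQDN configured as saas_url, e.g. cloud.appsentinels.com
#   AUT_URL   base URL of the application under test, e.g. https://app.internal:8443
# Requires curl for the connectivity probes.
set -u

MIN_DOCKER="23.0"
MIN_COMPOSE="1.28.6"
MIN_VAR_FREE_KB=$((50 * 1024 * 1024))   # 50 GB under /var
REGISTRY_HOSTS="docker.io auth.docker.io registry-1.docker.io production.cloudflare.docker.com"

# Drop a leading "v" (Compose v2 reports versions such as v2.24.5).
strip_v() { printf '%s\n' "${1#v}"; }

# Return 0 when dotted version $1 >= $2; non-numeric suffixes (23.0.1-ce) are ignored.
version_ge() {
  local have want h w
  have=$(strip_v "$1"); want=$(strip_v "$2")
  while [ -n "$have" ] || [ -n "$want" ]; do
    h=${have%%.*}; h=${h%%[!0-9]*}; h=${h:-0}
    w=${want%%.*}; w=${w%%[!0-9]*}; w=${w:-0}
    [ "$h" -gt "$w" ] && return 0
    [ "$h" -lt "$w" ] && return 1
    [ "$have" = "${have#*.}" ] && have="" || have=${have#*.}
    [ "$want" = "${want#*.}" ] && want="" || want=${want#*.}
  done
  return 0
}

# Host and port of a URL (or bare hostname); the port defaults to 443 because this
# script assumes HTTPS targets.
url_host() { local h=${1#*://}; h=${h%%/*}; printf '%s\n' "${h%%:*}"; }
url_port() { local h=${1#*://}; h=${h%%/*}; case $h in *:*) printf '%s\n' "${h##*:}";; *) echo 443;; esac; }

# Free kilobytes on the filesystem holding $1 (POSIX df output: second line, fourth column).
free_kb() { df -Pk "$1" | awk 'NR==2 {print $4}'; }
disk_ok() { [ "$(free_kb "$1")" -ge "$MIN_VAR_FREE_KB" ]; }

# Return 0 when a TCP connection to $1:$2 can be made. curl exit 0 means connected
# and the certificate verified; 35 and 60 mean TCP connected but TLS did not
# complete cleanly (plain-HTTP port, interception proxy, untrusted certificate),
# which is reachable but worth a look. Anything else counts as unreachable.
tcp_ok() {
  local rc
  curl -sS --connect-timeout 5 -o /dev/null "https://$1:$2/" 2>/dev/null; rc=$?
  case $rc in
    0) return 0 ;;
    35|60) echo "      (connected, but TLS to $1:$2 returned curl code $rc)"; return 0 ;;
    *) return 1 ;;
  esac
}

docker_version()  { docker version --format '{{.Server.Version}}' 2>/dev/null || echo 0; }
compose_version() { docker compose version --short 2>/dev/null || docker-compose version --short 2>/dev/null || echo 0; }

FAILED=0
check() {                       # check <label> <command...>; counts failures
  local label=$1; shift
  if "$@"; then echo "PASS  $label"; else echo "FAIL  $label"; FAILED=$((FAILED + 1)); fi
}

run_preflight() {
  FAILED=0
  check "Docker >= $MIN_DOCKER (found $(docker_version))"          version_ge "$(docker_version)" "$MIN_DOCKER"
  check "Docker Compose >= $MIN_COMPOSE (found $(compose_version))" version_ge "$(compose_version)" "$MIN_COMPOSE"
  check "50 GB free under /var (found $(free_kb /var) kB)"          disk_ok /var
  check "TCP 443 to AppSentinels platform $SAAS_URL"                tcp_ok "$(url_host "$SAAS_URL")" 443
  for h in $REGISTRY_HOSTS; do check "TCP 443 to Docker Hub $h" tcp_ok "$h" 443; done
  check "application under test $AUT_URL"                           tcp_ok "$(url_host "$AUT_URL")" "$(url_port "$AUT_URL")"
  [ "$FAILED" -eq 0 ]
}

# Run only when both inputs are supplied, so the functions can also be sourced on their own.
if [ -n "${SAAS_URL:-}" ] && [ -n "${AUT_URL:-}" ]; then
  run_preflight || { echo "host does not meet the DAST Client prerequisites"; exit 1; }
fi
```

Run it as `SAAS_URL=cloud.appsentinels.com AUT_URL=https://app.internal:8443 bash preflight.sh`. If the client will reach the platform or the application through one of the proxy variables in the deployment files below, export `https_proxy` for the run so curl probes the same path the container will use; a direct-connect pass on a host whose egress is proxied proves nothing.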
Deployment Methods
AppSentinels DAST Client is available as a containerized application and can be deployed in a Docker or Kubernetes environment.
AppSentinels DAST Client Configuration Parameters
The following table lists the configuration parameters required to deploy the AppSentinels DAST Client. They define the client's connectivity to the platform, its authentication, and how it is identified in the AppSentinels Security Platform. Treat api_key as a credential: it authenticates the client to the platform, so store it in a secrets mechanism or a permission-restricted file rather than committing it to version control.
Parameter | Description | Example |
---|---|---|
saas_url | The fully qualified domain name (FQDN) of the AppSentinels Security Platform. | cloud.appsentinels.com |
api_key | The API key used to authenticate the DAST Client. | ******* |
dast_client_tag | DAST Client tag used to identify the DAST Client in the AppSentinels Security Platform. | dast-client-orgname |
Deploying DAST Client Using Docker-Compose
Save the following as docker-compose.yaml and replace the placeholders in angle brackets. The three proxy variables are optional: set them only when the DAST Client must go through an HTTP(S) proxy to reach the authentication server, the application under test, or the AppSentinels platform. The latest tag is mutable; for a controlled rollout pin to a specific version tag or image digest once the image has been reviewed.
```yaml
version: '3.8'
services:
  dast_client:
    image: appsentinels/dast-client:latest
    hostname: dast-client
    container_name: dast-client
    environment:
      - saas_url=<AppSentinels-Platform-FQDN>
      - api_key=<API-KEY>
      - dast_client_tag=<dast client tag>
      # Proxy setting for auth server to authenticate user to access the application
      #- aut_auth_https_proxy=https://PROXY_IP:PORT
      # Proxy setting for accessing application under test
      #- aut_https_proxy=https://PROXY_IP:PORT
      # Proxy setting for DAST client to connect with AppSentinels Cloud Platform
      #- dast_server_https_proxy=https://PROXY_IP:PORT
    deploy:
      resources:
        limits:
          cpus: '3'
          memory: 8192M
    networks:
      - dast-client-network
    logging:
      driver: syslog
      options:
        tag: appsentinels-dast-client
    volumes:
      - /var/log/appsentinels-dast/:/var/log/appsentinels-dast

# The service references this network, so it must be declared at the top level;
# without it Compose refuses to start with "undefined network dast-client-network".
networks:
  dast-client-network:
    driver: bridge
```
To start the DAST Client, run the following from the directory containing the file:
docker-compose -f docker-compose.yaml up -d
With Docker Compose v2 the equivalent is docker compose -f docker-compose.yaml up -d. The legacy v1 binary ignores the deploy.resources limits outside Swarm mode unless --compatibility is added to the command. The file holds the API key in clear text, so restrict its permissions (for example chmod 600), keep it out of version control, or move the value into a .env file in the same directory and reference it from the compose file through variable substitution.
Deploying DAST Client Using Kubernetes
Use the following Kubernetes Deployment and Service configuration, replacing the placeholders in angle brackets. The same optional proxy variables as in the Docker Compose file are shown commented out.
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dast-client
  labels:
    app: dast-client
spec:
  replicas: 1
  selector:
    matchLabels:
      app: dast-client
  template:
    metadata:
      labels:
        app: dast-client
    spec:
      containers:
        - name: dast-client
          image: appsentinels/dast-client:latest
          env:
            - name: saas_url
              value: "<AppSentinels-Platform-FQDN>"
            - name: api_key
              value: "<API-KEY>"
            - name: dast_client_tag
              value: "<dast client tag>"
            # Proxy setting for auth server to authenticate user to access the application
            # - name: aut_auth_https_proxy
            #   value: "https://PROXY_IP:PORT"
            # Proxy setting for accessing application under test
            # - name: aut_https_proxy
            #   value: "https://PROXY_IP:PORT"
            # Proxy setting for DAST client to connect with AppSentinels Cloud Platform
            # - name: dast_server_https_proxy
            #   value: "https://PROXY_IP:PORT"
          resources:
            limits:
              cpu: "2.99"
              memory: "8192Mi"
          volumeMounts:
            - mountPath: /var/log/appsentinels-dast
              name: log-volume
      volumes:
        - name: log-volume
          hostPath:
            path: /var/log/appsentinels-dast
      restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
  name: dast-client-service
spec:
  selector:
    app: dast-client
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8080
  type: ClusterIP
```
To deploy the DAST Client using the above Kubernetes configuration, execute the following command in the terminal:
kubectl apply -f <kubernetes-deployment.yaml>
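The manifest above puts the API key in clear text in the Deployment spec and pulls a floating latest tag. The following is a hardened variant, added here as an example rather than taken from AppSentinels' documentation. It keeps the environment variable names from the configuration table and the CPU and memory figures from the system requirements, but reads api_key from a Kubernetes Secret through secretKeyRef, pins the image to a digest, adds resource requests beside the limits, swaps the hostPath log volume for an emptyDir, and turns off service-account token automount. The Secret name dast-client-credentials, the digest placeholder, the emptyDir choice and the securityContext settings are assumptions of this example: the page does not say which user the image runs as, so validate the securityContext against the image before relying on it, and keep the hostPath volume if logs must survive pod rescheduling and be collected from the node.

```yaml
# Added example (not AppSentinels' own manifest): hardened DAST Client deployment.
# Items marked ASSUMPTION are choices made for this example, not values from the page.
apiVersion: v1
kind: Secret
metadata:
  name: dast-client-credentials        # ASSUMPTION: Secret name chosen for this example
type: Opaque
stringData:
  api_key: "<API-KEY>"                 # create the Secret with kubectl instead of committing this document
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dast-client
  labels:
    app: dast-client
spec:
  replicas: 1
  selector:
    matchLabels:
      app: dast-client
  template:
    metadata:
      labels:
        app: dast-client
    spec:
      # The client only needs outbound access to the SaaS platform and the application
      # under test; nothing on the page suggests it uses the Kubernetes API (ASSUMPTION).
      automountServiceAccountToken: false
      containers:
        - name: dast-client
          # Pin to the digest of the image you reviewed rather than the mutable :latest tag.
          # Obtain it with: docker buildx imagetools inspect appsentinels/dast-client:latest
          image: appsentinels/dast-client@sha256:<digest-of-reviewed-image>
          imagePullPolicy: IfNotPresent
          env:
            - name: saas_url
              value: "<AppSentinels-Platform-FQDN>"
            - name: dast_client_tag
              value: "<dast client tag>"
            - name: api_key
              valueFrom:
                secretKeyRef:
                  name: dast-client-credentials
                  key: api_key
          resources:
            requests:                   # the stated minimum: 2 cores, 6 GB
              cpu: "2"
              memory: "6Gi"
            limits:                     # matches the limits in the page's manifest
              cpu: "3"
              memory: "8Gi"
          securityContext:              # ASSUMPTION: verify the image runs with these restrictions
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          volumeMounts:
            - mountPath: /var/log/appsentinels-dast
              name: log-volume
      volumes:
        - name: log-volume
          emptyDir: {}                  # ASSUMPTION: logs need not outlive the pod; use hostPath or a PVC otherwise
      restartPolicy: Always
```

Create the Secret out of band with kubectl create secret generic dast-client-credentials --from-literal=api_key='<API-KEY>' and remove the Secret document from the file before it goes into version control. The Service from the original manifest is unchanged and can be applied alongside this Deployment.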