AppSentinels DAST Client Deployment

The AppSentinels DATS (Dynamic Application Testing System) Client functions as an API penetration testing agent. It connects to the target application, logs in as an authenticated user, and performs comprehensive API security testing by generating and injecting various malicious payloads to identify potential vulnerabilities.

Deployment Options

The DATS Client can be deployed in two ways based on your infrastructure setup:

SaaS Deployment (Managed by AppSentinels)

The DATS Client is hosted in AppSentinels' data center.
Ideal when the application under test is externally accessible from the AppSentinels infrastructure.

On-Prem Deployment (Managed by Customer)

The DATS Client is deployed inside the customer's internal network.
Both the application under test and the AppSentinels SaaS platform must be reachable from the on-prem environment.

On-Prem DAST Client Deployment Prerequisites

The following requirements must be met for deploying the AppSentinels DAST Client:

System Requirements

Operating System: Ubuntu 22.04 or later / Red Hat 8.6 or later
CPU: 2 cores (x86_64)
RAM: 6 GB
Disk Space: 50 GB of free space in the /var partition

Required Packages

Docker: Version 23.0 or higher
Docker Compose: Version 1.28.6 or higher (if deploying with docker-compose)

Network Connectivity Requirements

Outbound TCP Port 443 must be open in the firewall to enable data transmission to the AppSentinels Security Platform.
DAST Client reachability to application server
Access to Docker repositories is required to download the image. The following domains must be whitelisted:
- docker.io
- auth.docker.io
- registry-1.docker.io
- production.cloudflare.docker.com

Deployment Options

AppSentinels DAST Client is available as a containerized application and can be deployed in a Docker or Kubernetes environment.

AppSentinels DAST Client Configuration Parameters

The following table provides details of the essential configuration parameters required for deploying the AppSentinels DAST Client. These parameters define the DAST Client's connectivity, authentication, and integration with the application environment.

Parameter	Description	Example
saas_url	The fully qualified domain name (FQDN) of the AppSentinels Security Platform.	cloud.appsentinels.com
api_key	The API key used to authenticate the DAST Client.	*******
dast_client_tag	DAST Client tag used to identify the DAST Client in the AppSentinels Security Platform.	dast-client-orgname

Deploying DAST Client Using Docker-Compose

Use the following YAML configuration:

          
version: '3.8'
services:
    dast_client:
    image: appsentinels/dast-client:latest
    hostname: dast-client
    container_name: dast-client
    environment:
        - saas_url=<AppSentinels-Platform-FQDN>
        - api_key=<API-KEY>
        - dast_client_tag=<dast client tag>
        # Proxy setting for auth server to authenticate user to access the application
        #- aut_auth_https_proxy=https://PROXY_IP:PORT
        # Proxy setting for accessing application under test
        #- aut_https_proxy=https://PROXY_IP:PORT
        # Proxy setting for DAST client to connect with AppSentinels Cloud Platform
        #- dast_server_https_proxy=https://PROXY_IP:PORT
    deploy:
        resources:
        limits:
            cpus: '3'
            memory: 8192M
    networks:
        - dast-client-network
    logging:
        driver: syslog
        options:
        tag: appsentinels-dast-client
    restart: always
    volumes:
        - /var/log/appsentinels-dast/:/var/log/appsentinels-dast

To deploy the DAST Client using the above Docker Compose configuration, execute the following command in the terminal:

docker-compose -f docker-compose.yaml up -d

Deploying DAST Client Using Kubernetes

Use the following Kubernetes Deployment configuration:

          
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dast-client
  labels:
    app: dast-client
spec:
  replicas: 1
  selector:
    matchLabels:
      app: dast-client
  template:
    metadata:
      labels:
        app: dast-client
    spec:
      containers:
        - name: dast-client
          image: appsentinels/dast-client:latest
          env:
            - name: saas_url
              value: "AppSentinels-Platform-FQDN"
            - name: api_key
              value: "API-KEY"
            - name: dast_client_tag
              value: "dast client tag"
            # Proxy setting for auth server to authenticate user to access the application
            # - name: aut_auth_https_proxy
            #   value: "https://PROXY_IP:PORT"
            # Proxy setting for accessing application under test
            # - name: aut_https_proxy
            #   value: "https://PROXY_IP:PORT"
            # Proxy setting for DAST client to connect with AppSentinels Cloud Platform
            # - name: dast_server_https_proxy
            #   value: "https://PROXY_IP:PORT"
          resources:
            limits:
              cpu: "2.99"
              memory: "8192Mi"
          volumeMounts:
            - mountPath: /var/log/appsentinels-dast
              name: log-volume
      volumes:
        - name: log-volume
          hostPath:
            path: /var/log/appsentinels-dast
      restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
    name: dast-client-service
spec:
    selector:
    app: dast-client
    ports:
    - protocol: TCP
    port: 80
    targetPort: 8080
    type: ClusterIP
---

To deploy the DAST Client using the above Kubernetes configuration, execute the following command in the terminal:

kubectl apply -f <kubernetes-deployment.yaml>