AppSentinels DAST Client Deployment

The AppSentinels DATS (Dynamic Application Testing System) Client functions as an API penetration testing agent. It connects to the target application, logs in as an authenticated user, and performs comprehensive API security testing by generating and injecting various malicious payloads to identify potential vulnerabilities.

Deployment Options

The DATS Client can be deployed in two ways based on your infrastructure setup:

SaaS Deployment (Managed by AppSentinels)

On-Prem Deployment (Managed by Customer)

On-Prem DAST Client Deployment Prerequisites

The following requirements must be met for deploying the AppSentinels DAST Client:

System Requirements

Required Packages

Network Connectivity Requirements

Deployment Options

AppSentinels DAST Client is available as a containerized application and can be deployed in a Docker or Kubernetes environment.

AppSentinels DAST Client Configuration Parameters

The following table provides details of the essential configuration parameters required for deploying the AppSentinels DAST Client. These parameters define the DAST Client's connectivity, authentication, and integration with the application environment.

| Parameter | Description | Example |
|---|---|---|
| saas_url | The fully qualified domain name (FQDN) of the AppSentinels Security Platform. | cloud.appsentinels.com |
| api_key | The API key used to authenticate the DAST Client. | ******* |
| dast_client_tag | DAST Client tag used to identify the DAST Client in the AppSentinels Security Platform. | dast-client-orgname |

Deploying DAST Client Using Docker-Compose

Use the following YAML configuration:

version: '3.8'
services:
    dast_client:
        image: appsentinels/dast-client:latest
        hostname: dast-client
        container_name: dast-client
        environment:
            - saas_url=<AppSentinels-Platform-FQDN>
            - api_key=<API-KEY>
            - dast_client_tag=<dast client tag>
            # Proxy setting for auth server to authenticate user to access the application
            #- aut_auth_https_proxy=https://PROXY_IP:PORT
            # Proxy setting for accessing application under test
            #- aut_https_proxy=https://PROXY_IP:PORT
            # Proxy setting for DAST client to connect with AppSentinels Cloud Platform
            #- dast_server_https_proxy=https://PROXY_IP:PORT
        # CPU and memory ceiling for the container
        deploy:
            resources:
                limits:
                    cpus: '3'
                    memory: 8192M
        networks:
            - dast-client-network
        # Container stdout/stderr goes to the host syslog under this tag
        logging:
            driver: syslog
            options:
                tag: appsentinels-dast-client
        volumes:
            - /var/log/appsentinels-dast/:/var/log/appsentinels-dast
# Declared here so the service's network reference above resolves
networks:
    dast-client-network:
        

To deploy the DAST Client using the above Docker Compose configuration, execute the following command in the terminal:

docker-compose -f docker-compose.yaml up -d

Deploying DAST Client Using Kubernetes

Use the following Kubernetes Deployment configuration:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: dast-client
  labels:
    app: dast-client
spec:
  replicas: 1
  selector:
    matchLabels:
      app: dast-client
  template:
    metadata:
      labels:
        app: dast-client
    spec:
      containers:
        - name: dast-client
          image: appsentinels/dast-client:latest
          env:
            - name: saas_url
              value: "AppSentinels-Platform-FQDN"
            - name: api_key
              value: "API-KEY"
            - name: dast_client_tag
              value: "dast client tag"
            # Proxy setting for auth server to authenticate user to access the application
            # - name: aut_auth_https_proxy
            #   value: "https://PROXY_IP:PORT"
            # Proxy setting for accessing application under test
            # - name: aut_https_proxy
            #   value: "https://PROXY_IP:PORT"
            # Proxy setting for DAST client to connect with AppSentinels Cloud Platform
            # - name: dast_server_https_proxy
            #   value: "https://PROXY_IP:PORT"
          resources:
            limits:
              cpu: "2.99"
              memory: "8192Mi"
          volumeMounts:
            - mountPath: /var/log/appsentinels-dast
              name: log-volume
      volumes:
        - name: log-volume
          hostPath:
            path: /var/log/appsentinels-dast
      restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
  name: dast-client-service
spec:
  # Routes to pods carrying the Deployment's app label
  selector:
    app: dast-client
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8080
  type: ClusterIP
---
        

To deploy the DAST Client using the above Kubernetes configuration, execute the following command in the terminal:

kubectl apply -f <kubernetes-deployment.yaml>
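
The Deployment above carries api_key as a literal value in the pod spec, so anyone who can read the manifest or the Deployment object can read the key. The following is an added example, not part of the AppSentinels documentation, showing the same Deployment with the key resolved from a Kubernetes Secret instead. The Secret name dast-client-credentials is an assumption; all other values are the page's own.

```yaml
# Added example. The Secret name "dast-client-credentials" is an assumption.
# Create it out of band so the key never lands in version control, e.g.:
#   kubectl create secret generic dast-client-credentials --from-literal=api_key=<API-KEY>
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dast-client
  labels:
    app: dast-client
spec:
  replicas: 1
  selector:
    matchLabels:
      app: dast-client
  template:
    metadata:
      labels:
        app: dast-client
    spec:
      containers:
        - name: dast-client
          image: appsentinels/dast-client:latest
          env:
            - name: saas_url
              value: "AppSentinels-Platform-FQDN"
            # Before (as on the page): key stored as a literal in the pod spec
            # - name: api_key
            #   value: "API-KEY"
            # After: key injected from the Secret when the container starts
            - name: api_key
              valueFrom:
                secretKeyRef:
                  name: dast-client-credentials
                  key: api_key
            - name: dast_client_tag
              value: "dast client tag"
          resources:
            limits:
              cpu: "2.99"
              memory: "8192Mi"
          volumeMounts:
            - mountPath: /var/log/appsentinels-dast
              name: log-volume
      volumes:
        - name: log-volume
          hostPath:
            path: /var/log/appsentinels-dast
      restartPolicy: Always
```

With this form, read access to the Secret can be restricted through RBAC separately from read access to the Deployment.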