Usage
Introduction
Hdiv .NET Agent is an Interactive Application Security Testing (IAST) tool which monitors activities from .NET Web applications deployed under IIS Server.
Client Deployment
For Hdiv .NET Agent to retrieve the specific lines of code in which vulnerabilities are detected, web applications must be deployed with their synchronized .pdb files. Debug builds include these files by default, but Release builds do not. However, .pdb files can be included in Release builds by setting a specific project property. Follow these steps to include .pdb files in a Release build:
- In the Visual Studio IDE, select the application's project and click on the Properties option
- Go to Package/Publish Web
- In the Configuration drop-down list, select Release
- Uncheck the Exclude generated debug symbols option and save the settings
- Rebuild the web application project
All .pdb files should match their corresponding assemblies.
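One way to check the last point on a deployed bin folder, as an added example that is not part of the Hdiv documentation or tooling: it reads the CodeView (RSDS) record from each assembly's PE debug directory and looks for the same GUID in the sibling .pdb. The function names are hypothetical, and searching the .pdb for the GUID bytes instead of parsing the PDB format is a shortcut assumed here.

```python
import struct
import sys
from pathlib import Path

def codeview_id(pe: bytes):
    """Return (guid_bytes, age, pdb_path) from a PE's CodeView debug entry, or None."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0] if pe[:2] == b"MZ" else -1
    if nt < 0 or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24
    magic = struct.unpack_from("<H", pe, opt)[0]
    # Data directory 6 (debug) starts after 96 header bytes in PE32, 112 in PE32+.
    rva, size = struct.unpack_from("<II", pe, opt + (96 if magic == 0x10B else 112) + 6 * 8)
    if rva == 0:
        return None
    for i in range(nsec):  # map the directory RVA to a file offset via the section table
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", pe, opt + opt_size + 40 * i + 8)
        if va <= rva < va + max(vsize, rawsize):
            start = rva - va + rawptr
            break
    else:
        return None
    for entry in range(start, start + size, 28):  # IMAGE_DEBUG_DIRECTORY is 28 bytes
        kind, length, _, ptr = struct.unpack_from("<IIII", pe, entry + 12)
        if kind == 2 and pe[ptr:ptr + 4] == b"RSDS":  # 2 = IMAGE_DEBUG_TYPE_CODEVIEW
            age = struct.unpack_from("<I", pe, ptr + 20)[0]
            path = pe[ptr + 24:ptr + length].split(b"\0")[0].decode("utf-8", "replace")
            return pe[ptr + 4:ptr + 20], age, path
    return None

def check_pdb(dll: Path) -> str:
    """Classify one assembly: match, mismatch, missing-pdb or no-debug-info."""
    ident = codeview_id(dll.read_bytes())
    if ident is None:
        return "no-debug-info"
    pdb = dll.with_suffix(".pdb")
    if not pdb.is_file():
        return "missing-pdb"
    # Assumed shortcut: the PDB stores its GUID as the same 16 raw bytes,
    # so a byte search stands in for a full PDB parse.
    return "match" if ident[0] in pdb.read_bytes() else "mismatch"

if __name__ == "__main__" and len(sys.argv) > 1:
    # Argument: the deployed bin folder to inspect.
    for dll in sorted(Path(sys.argv[1]).glob("*.dll")):
        print(f"{check_pdb(dll):14} {dll.name}")
```

Pass the deployed bin folder as the only argument; each .dll is listed with its result.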
Starting
Once the configuration settings have been defined, users can run HdivAgentConfig.exe in a command line or PowerShell window with elevated permissions. With this tool, users can monitor the Hdiv .NET Agent configuration and status.
Remark
Hdiv .NET Agent will be active just after the installation process ends, with no need for additional user action.
- Run cmd / PowerShell in administrator mode
- IIS resets should be allowed on the server machine
Navigate to the folder that contains HdivAgentConfig.exe, %Program Files%\Hdiv Security\Agent, and open a command window. Issuing the command
HdivAgentConfig /d
will show a diagnostics report like this:
HdivAgentConfig.exe options
From here you can inspect all Hdiv agent tool options by typing HdivAgentConfig.exe /? or by reading the Readme.txt file.
Disable agent
To disable the agent on the machine, run the following command:
HdivAgentConfig /up
Enable agent
To re-enable the agent on the machine, run the following command:
HdivAgentConfig /ip
Clr2 applications
Clr2 application support is enabled by default. To disable Clr2 and support only Clr4 applications, run the following command:
HdivAgentConfig /ip:clr4
To enable Clr2 applications, run the following command:
HdivAgentConfig /ip
.NET Agent at DEV Environment
The Hdiv agent works with any application running in an IIS server and allows the code to be debugged. The only limitation in this scenario is the inability to edit and continue .NET code.
Remark
If you are using an older version of the agent that uses a legacy approach (not the CLR Profiling agent), you can find usage instructions here.