Use

Introduction

Hdiv .NET Agent is an Interactive Application Security Testing (IAST) which monitors activities from .NET Web applications deployed under IIS Server. In order to do so, Hdiv .NET agent must be attached to .NET sites. This can be done by using HdivAgentConfig.exe tool.

Starting

Once configuration settings have been defined, users can run the HdivAgentConfig.exe in a command line or powershell window with elevated permissions. By using this tool users can attach / detach Hdiv .NET Agent to each website individually or in a global fashion. At this point following requirements should be meet.

  • Run cmd / powershell in administration mode
  • IIS resets should be allowed at server machine

Navigate to root of HdivAgentConfig.exe application %Program Files%\Hdiv Security\Agent, and open a command window. Issuing the command

    HdivAgentConfig /s

will show a status report like this one

Status Report

HdivAgentConfig.exe options

From here you can inspect all Hdiv agent tool options by typing HdivAgentConfig.exe /? or inspecting Readme.txt file

Attach Hdiv .NET Agent to individual website

In order to attach Hdiv .NET Agent to an ASP.NET web site run the following syntax:

    HdivAgentConfig /ia:[siteName]

Filter activated

After running above command new local IIS filter will be configured for specific web application

For instance let's suppose we have and ASP.NET MVC website called SampleWeb

Usage

If this is the case we will run:

    HdivAgentConfig /ia:SampleWeb

After running the instruction for SampleWeb site, console application will show something similar to:

Usage

This way, SampleWeb application and related assemblies are now attached to Hdiv .NET Agent monitor actions. All new request to SampleWeb application will be analyzed by Agent inspectors

Detach Agent for individual website

In order to detach Hdiv .NET Agent to one ASP.NET MVC web site run the following syntax:

    HdivAgentConfig /ua:[siteName]

Filter deactivated

After running above command and in addition to local Agent detaching, specific local filter will be deleted from server machine

If we continue with previous example, ASP.NET MVC website SampleWeb:

Usage

If this is the case we will run:

    HdivAgentConfig /ua:SampleWeb

After running the instruction we will get something similar to:

Usage

Attach Hdiv .NET Agent Agent globally

Users can also make use of Hdiv .NET Agent in global mode, this means that attaching process will be performed over all .NET Websites (MVC, WebForms) configured at IIS.

As it was mention at installation guide, it's possible to define website exclusion lists by using ExcludedSites attribute at config file (HdivAgentConfig.exe.config) for skipping those sites from attaching process.

    HdivAgentConfig /i

Filter activated

After running above command new global IIS filter will be configured for all web applications

Detach Hdiv .NET Agent Agent globally

At the same time users can run detaching global process for restoring all sites to normal behaviour, this can be done by running:

    HdivAgentConfig /ua

Filter deactivated

After running above command and in addition to global Agent detaching, global filter will be deleted from server machine

App Monitoring Service

In order to ensure new deployed versions of the applications are properly watched we provide a Watcher Service that is stopped by default, but can be started by using the command

    HdivAgentConfig /sr

The Watcher Service can be stopped with the command

    HdivAgentConfig /ss

Service