
System Architecture

The IAST system consists of the following three main building blocks:

  • CxClient - The user of the application under test, together with their development tools.

  • CxIAST Management Server - The IAST engine, the authentication system and the database.

  • AUT Environment - The application under test and the Agent. The agent is responsible for monitoring the execution of the application and for collecting security-related data. All collected data is sent to the CxDetector for thorough analysis.

The components in each building block are listed and explained below.

IAST_Architecture.png


CxClient

Web Browser (CxIAST Dashboard)

The main interface/dashboard for controlling CxIAST, managing the Management Server, and viewing scan results.

Development Tools (API)

CxIAST supports REST-based development APIs that provide the possibility for integration or customization using configurable API requests.

CI Plugins

The Jenkins plugin is not supported anymore.

CxIAST Management Server

CxManager

Manages the CxIAST Management Server, performs all system tasks and integrates system components.

Database

Stores scan results.

Authentication

Access Control, a user management solution for user administration and authentication. Using Access Control, user administration managers are provided with a universal view of user access rights and a centralized management console to define unified access control management for all CxIAST users.

CxDetector

Collects and stores all raw data sent from CxAgent. A set of security queries (Query language) then runs against the data, detects vulnerabilities and sends a notification to the IAST Dashboard.

AUT Environment

Application #

The application(s) that are subject to scanning. Once a new application is added, it is registered on the CxIAST Management Server. Once it is registered, a new project is automatically created for it. All projects become visible on the IAST Dashboard with no action required by the user.

CxAgent

The CxIAST Agent is responsible for monitoring the application activity and collecting security-related data. All collected data is sent to CxDetector for thorough analysis.

Once the agent is installed in the AUT Environment, it automatically starts monitoring all running applications.

Note

  • IAST clients and the CxIAST Management Server communicate via HTTP. The CxIAST Management Server and the AUT Environment communicate via HTTP as well.

  • IAST supports a distributed architecture, in which many AUT Environments are configured to work with the same CxIAST Management Server.