About DongTai IAST
DongTai IAST is an open-source passive interactive security testing (IAST) product. It uses dynamic hooks and taint tracking algorithms to achieve universal vulnerability detection and multiples request associated with vulnerability detection (including but not limited to unauthorized vulnerabilities, overpower vulnerabilities), Third-party component vulnerability detection, etc. Currently, applications in Java and Python are supported for vulnerability detection.
DongTai IAST has multiple basic services, including DongTai-web, DongTai-webapi, DongTai-openapi, DongTai-engine, agent, DongTai-deploy, DongTai-Base-Image and DongTai-Plugin-IDEA:
DongTai-webis the product page of DongTai, which is used to handle the interaction between users and cave states.DongTai-webapiis responsible for handling user-related operations.DongTai-openapiis used to process the registration/heartbeat/call method/third-party component/error log data reported byagent, issue hook strategy, issue probe control commands, etc.DongTai-engineanalyzes whether there are vulnerabilities in HTTP/HTTPS/RPC requests according to the calling method data and taint tracking algorithm, and is also responsible for other related timing tasks.agentis a probe module of DongTai, including data collection terminals in different programming languages, used to collect data during application runtime and report to theDongTai-OpenAPIservice.DongTai-deployis used for the deployment of DongTai IAST, including docker-compose single-node deployment, Kubernetes cluster deployment, etc. If you want a deployment plan, you can add features or contribute to the deployment plan.DongTai-Base-Imagecontains the basic services that DongTai depends on runtime, including MySql, Redis.DongTai-Plugin-IDEAis the IDEA plug-in corresponding to the Java probe. You can run the Java probe directly through the plug-in and detect the vulnerabilities directly in IDEA.
Scenario
The usage scenarios of "DongTai IAST" include but not limited to:
- Embed the
DevSecOpsprocess to realize automatic detection of application vulnerabilities/third-party component combing/third-party component vulnerability detection. - Common vulnerability mining for open source software/open source components.
- Security testing before release, etc.
Quick start
DongTai IAST supports SaaS Service and Localized Deployment. Please refer to Deployment Document for localized deployment.
1. SaaS Version
2. Localized Deployment Version [Open Source for Jointly Partnership]
Please follow the instructions bellow to apply the localized deployment version
DongTai IAST supports a variety of deployment schemes which refer to Deployment Document:
- Stand-alone Deployment
- Cluster Deployment
Docker-compose
$ git clone [email protected]:HXSecurity/DongTai.git
$ cd DongTai
$ chmod u+x build_with_docker_compose.sh
$ ./build_with_docker_compose.shHow To Apply
DongTai IAST Jointly Partnership Program, registration address
Contributing
Contributions are welcomed and greatly appreciated. Further reading — CONTRIBUTING.md for details on submitting patches and contribution workflow.
Any questions? Let's discuss in #DongTai discussions
Futher Resources
You may be interested in:
>> Is a Chromebook worth replacing a Windows laptop?
>> Find out in detail the outstanding features of Google Pixel 4a
>> Top 7 best earbuds you should not miss
Related Posts:
>> Recognizing 12 Basic Body Shapes To Choose Better Clothes
>>Ranking the 10 most used smart technology devices
>> Top 5+ Best E-readers: Compact & Convenient Pen
0 Comments:
Post a Comment