INSTALLATION

You must first install the Adversa SDK Tools to begin.
Run the terminal script below and follow the on-screen instructions.


Overview


The following will guide you through the process of carrying out your first security assessment using Adversa SDK Tools. Before you begin, please make sure you've installed Adversa SDK Tools and have completed any requested on-screen instructions.

Adversa SDK Tools supports both evaluation and commercial licenses. The evaluation license does not expire but will only test for SQL Injection, Cross-Site Scripting and XML External Entities. Default installations of Adversa SDK Tools are limited to an evaluation license.

A commercial license will provide access to the full suite of security tests as described in the knowledgebase as well as the ability to break builds within CI/CD pipeline(s). You may purchase a commercial license online.

Assessment


The assess command will allow you to passively monitor your application for security vulnerabilities using the SDK specified by the --sdk argument. This command need only be prefixed to the command you currently use to run your application. The format of the command is as follows:

$ adversa assess --sdk [name] -- [command]

Adversa SDK Tools will fork and exec your command with all of the runtime configuration necessary to passively monitor application behavior for security vulnerabilities using the SDK denoted by name. As you interact with your application, either manually or via automated scripts, behaviors indicative of vulnerabilities will be printed to stdout for your review.

Visit the knowledgebase to learn more about the security tests performed.

  • JVM
    Assess via Gradle Tests

    The Gradle Build Tool provides a means of automatically running unit and integration tests during the build process. Adversa SDK Tools will passively monitor your application for security vulnerabilities while you're executing your automated Gradle tests. The following example illustrates how to integrate passive security testing within your Gradle build.

    $ adversa assess --sdk jvm -- gradle build
                                                
    Assess via Maven Tests

    The Apache Maven project provides a means of automatically running unit and integration tests during the build process. Adversa SDK Tools will passively monitor your application for security vulnerabilities while you're executing your automated Maven tests. The following example illustrates how to integrate passive security testing within your Maven build.

    $ adversa assess --sdk jvm -- mvn verify
                                                
    Assess via Manual or 3rd Party Tests

    Many integration and regression tests are carried out manually or via the use of 3rd party tools or products. Passive security testing can be integrated in such cases by modifying how you start your Java application. Adversa SDK Tools will passively monitor your application for security vulnerabilities while you carry out your manual or 3rd party tests. The following example illustrates how to integrate passive security testing within your Java application.

    $ adversa assess --sdk jvm -- java -jar target/app-0.0.1-SNAPSHOT.jar
                                                

Documentation


Thank you for taking the time to install Adversa SDK Tools. If you wish to better understand the many capabilities exposed by Adversa SDK Tools or if you encountered trouble during installation, please check out our documentation for support. This will provide guidance on numerous topics, which includes the following: