Java
Introduction
SecureNative Java agent provides application security monitoring and protection from OWASP TOP 10 security threats at run-time through dynamic instrumentation of business logic and user behaviour.
Compatibility
The Java agent requires a specific framework to run since it's compatible with the framework you already use:
Java frameworks
However, for some advanced features a specific web framework is required. We support most of the popular web frameworks:
- Spring (Servlets)
We constantly adding support for new frameworks, if your framework is missing, please contact us.
Java Versions
Java 8 is minimum requirement
Operating Systems
There is no specific version requirement of operation system, only requirements enforced by node version compatibility, we also play nice with docker!
- macOS
- Linux
- Windows
Installation
Please create free account at register to get api key.
Install SecureNative package
Open your favorite terminal, navigate to your application folder and run the following command:
Download the agent:
- Go to https://search.maven.org/artifact/com.securenative.java/com.securenative.java
- Select latest version
- Click on Downloads button and select JAR
-javaagent:/path/to/securenative.jar
-Dsecurenative.apikey=<your secret key>
-Dsecurenative.appname=<your application name>
Configuration
Minimal Configuration
At minimum SECURENATIVE_API_KEY is required, you can pass it in multiple ways:
- As environment variable (recommended)
export SECURENATIVE_API_KEY="YOUR_SECRET_KEY_HERE"
- Using configuration file (choose this for development environment)
cat > securenative.env <<EOF
{
"SECURENATIVE_APP_NAME": "YOUR_APPLICATION_NAME",
"SECURENATIVE_API_KEY": "YOUR_API_KEY"
}
EOF
Advanced Configurations
Change those options only if you know what your are doing
| Option | Type | Optional | Default Value | Description |
|---|---|---|---|---|
| SECURENATIVE_API_KEY | string | false | none | SecureNative api key |
| SECURENATIVE_APP_NAME | string | false | package.json | Name of application source |
| SECURENATIVE_API_URL | string | true | https://api.securenative.com/v1/collector | Default api base address |
| SECURENATIVE_INTERVAL | number | true | 1000 | Default interval for SDK to try to persist events |
| SECURENATIVE_HEARTBEAT_INTERVAL | number | true | 1000 | Default agent hearbeat interval |
| SECURENATIVE_MAX_EVENTS | number | true | 1000 | Max in-memory events queue |
| SECURENATIVE_TIMEOUT | number | true | 1500 | API call timeout in ms |
| SECURENATIVE_AUTO_SEND | Boolean | true | true | Should api auto send the events |
| SECURENATIVE_DISABLE | Boolean | true | true | Allow to disable agent functionality |
| SECURENATIVE_DEBUG_MODE | Boolean | true | false | Displays debug info to stdout |
Managing Agent
There are additional operations that you can perform to manage the agent
Disabling Agent
To disable the agent functionality you can set SECURENATIVE_DISABLE=true, this instructs the agent to disable all instrumentation functionality, that way the agent will not impact your application and won't need to remove the integration from your code
Updating Agent
To update the agent to the latest version, run the following command:
- Go to https://search.maven.org/artifact/com.securenative.java/com.securenative.java
- Select latest version
- Click on Downloads button and select JAR
We highly recommend updating your agent to get new features and performance improvements
Uninstalling Agent
To uninstall the SecureNative agent, remove the -javaagent parameter from the JVM command.