Free & Open Tools


Posted by Aspect Security

SpyFilter is a simple demonstration of the power of IAST (Intrinsic Application Security Testing). You can simply drop the jar file into the WEB-INF/lib folder of your web application and then use your application as normal. When you’re ready, you can visit {$appname}/spy to see a sitemap and explore all the traces for your requests. It should be more than sufficient to sync your dynamic (DAST) scanner findings with the source code for better findings.

 Pro Tip: use the &depth=4 parameter to set the stacktrace depth!. For older containers you may need to add a filter mapping to web.xml like this:

   <url -pattern>/*</url>

For more information on how you can use IAST to improve your scan and penetration testing results, please contact us at

Download SpyFilter