Table of contents


Agents can be installed only in Linux environments. Windows is not supported.

Application Security's Java agent is compatible with the following components:

Supported versions

Component Version
Spring Framework 3.2 to 5
SpringBoot 1.x and 2.x
MySQL (mysql-connector-java) 5.0.5 and newer
PostgreSQL 9.1 and newer
Oracle JDBC 4
HSQLDB 1.8 and newer
H2 1.4 and newer
Tomcat 7.0, 8.x., and 9

Requires Agent version 4.3.2 or newer.

Jetty 8.1 up to 9.4.33
Netty 3.10, 4.0, 4.1
WebSphere 8 or 9
Java 8, 10, 11, 14, and 15
Liferay 7.3.4

Requires Agent version 4.3.2 or newer.

Code protection features

Some of the code protection features are enabled only when specific components are used in the application. The table below lists the required components for a code protection feature to be enabled.

Feature Requires
SQL Injection
  • Tomcat, Jetty, Netty or WebSphere
  • MySQL, PostgreSQL, Oracle, HSQLDB, H2
Remote Command Execution Tomcat, Jetty, Netty or WebSphere
Illegal File Access Tomcat, Jetty, Netty or WebSphere
Open Redirect
  • Tomcat, Jetty, Netty or WebSphere
  • Spring Framework, Finagle, Play
Malicious Payload Tomcat, Jetty, Netty or WebSphere
Malicious File Upload Tomcat, Jetty or WebSphere

Download the agent

The Java agent is available from the Download page.

Install the agent

The Application Security java agent is provided as a jar file that needs to be configured as javaagent on the jvm command line.

  1. Add the java agent jar to the web application package, ensuring the jar file is in the class path. For example in the web application <root folder>/lib.
  2. Create the agent configuration file, which includes the key and secret among other configuration properties. The properties file needs to be in the classpath, alternatively, the configuration parameter com.trend.app_protect.config.file can be configured on the jvm command line to point to the properties file. The agent will look in the following locations for a config file. The first one found will be used.

    • A file location specified via the com.trend.app_protect.config.file system property. Eg.: pass -Dcom.trend.app_protect.config.file=/path/to/ to java.
    • in the same directory of the trend_app_protect-X.X.X.jar.
    • in the resources of your project.

The java agent and properties file configuration can be added to environment variables depending on the application server the application is running with, in order to be set on the jvm command line. Refer to the list below.

The Key and Secret can be found under Group Settings > Group Credentials.

The environment variables will take precedence over the configuration file.


The following properties are required for the agent to connect to the Application Security service:

key = <Your key>
secret = <Your secret>

Configure the agent to communicate with the proper Trend Micro Cloud One region

If you are using a Cloud One region other than 'us-1', you need to configure the agent's connectivity for the region.