Skip to content
Home IAST Tools Hdiv Detection
Hdiv Detection

Hdiv Detection

ACQUIRED
Category: IAST
License: Commercial
Visit Website →
Suphi Cankurt
Suphi Cankurt
AppSec Enthusiast
Updated February 14, 2026
4 min read
Key Takeaways
  • Acquired by Datadog in May 2022 — technology integrated into Datadog Application Security Management (ASM).
  • Used runtime dataflow analysis for Java and .NET with a zero false positive design, delivering findings with exact file and line numbers.
  • Tracked data propagation from input sources to sensitive sinks to detect injection, XSS, and path traversal vulnerabilities.
  • Organizations still using Hdiv should migrate to Contrast Security, Datadog IAST, or HCL AppScan IAST.

Hdiv Detection was an Interactive Application Security Testing (IAST) solution that identified vulnerabilities through runtime dataflow analysis.

The platform monitored application execution to pinpoint security issues with exact file and line number locations, delivering findings to development teams without false positives.

Datadog acquired Hdiv Security in May 2022, integrating its runtime analysis technology into Datadog Application Security Management (ASM). The standalone Hdiv product is no longer maintained.

What is Hdiv Detection?

Hdiv Detection operated by instrumenting Java and .NET applications at runtime, observing how data flows through the application during normal operation or testing.

Unlike SAST tools that analyze static code or DAST tools that probe applications externally, IAST combines both perspectives by watching code execute with full visibility into internal behavior.

The platform traced user input from entry points through transformations and validations to sensitive operations like database queries or system commands.

When untrusted data reached a dangerous sink without proper sanitization, Hdiv flagged the exact code location responsible.

This runtime context eliminated the false positives common in static analysis while providing deeper coverage than black-box scanning.

Key Features

Runtime Dataflow Analysis

Hdiv instrumented applications to track data propagation in real-time.

The analysis engine understood:

  • Source identification: HTTP parameters, headers, cookies, file uploads
  • Transformation tracking: Encoding, parsing, string manipulation
  • Sanitization recognition: Input validation, encoding functions
  • Sink monitoring: SQL queries, command execution, file operations

This comprehensive tracking enabled accurate detection of injection vulnerabilities, XSS, path traversal, and other data-dependent security issues.

Zero False Positive Architecture

By observing actual application behavior rather than inferring from static code, Hdiv achieved near-zero false positive rates.

The platform only reported vulnerabilities when:

  1. Untrusted data actually reached a dangerous operation
  2. No effective sanitization occurred along the data path
  3. The vulnerability was exploitable in the runtime context

Developers received actionable findings rather than theoretical warnings requiring extensive triage.

Precise Vulnerability Location

Each finding included exact source code locations:

Vulnerability: SQL Injection
Severity: Critical
File: /src/main/java/com/app/UserRepository.java
Line: 47
Method: findUserByEmail(String email)

Data Flow:
  Source: HTTP Parameter 'email' (UserController.java:23)
  → Transform: toLowerCase() (UserService.java:31)
  → Sink: executeQuery() (UserRepository.java:47)

Remediation: Use parameterized queries instead of string concatenation

DevOps Integration

Hdiv integrated with CI/CD pipelines to provide security feedback during development and testing.

The platform supported:

  • Jenkins, GitLab CI, and Azure DevOps integration
  • REST API for custom automation
  • IDE plugins for real-time feedback
  • Issue tracker integration (Jira, GitHub Issues)

How Hdiv Worked

Agent Installation

For Java applications, Hdiv attached as a Java agent:

# Add JVM argument
java -javaagent:/path/to/hdiv-agent.jar \
     -Dhdiv.config=/path/to/hdiv.properties \
     -jar application.jar

For .NET applications, the agent installed as an IIS module or attached to the runtime.

Configuration

# hdiv.properties
hdiv.server.url=https://hdiv-server.company.com
hdiv.api.key=your-api-key
hdiv.application.name=my-application
hdiv.environment=development

# Vulnerability detection
hdiv.detection.sqli=true
hdiv.detection.xss=true
hdiv.detection.pathtraversal=true
hdiv.detection.commandinjection=true

# Exclusions
hdiv.exclude.urls=/health,/metrics

Running Analysis

With the agent attached, Hdiv analyzed the application during normal operation:

  1. Development: Developers ran applications locally with the agent attached
  2. Testing: QA executed test suites while Hdiv monitored for vulnerabilities
  3. Staging: Pre-production environments provided production-like coverage
  4. Production: Optional runtime protection mode (Hdiv Protection)

Integration Examples

Jenkins Pipeline

pipeline {
    agent any
    stages {
        stage('Build') {
            steps {
                sh 'mvn clean package'
            }
        }
        stage('Security Test') {
            steps {
                // Start application with Hdiv agent
                sh '''
                    java -javaagent:hdiv-agent.jar \
                         -Dhdiv.api.key=${HDIV_API_KEY} \
                         -jar target/app.jar &
                    sleep 30
                '''
                // Run tests to exercise application
                sh 'mvn test -Dtest=*IntegrationTest'

                // Check Hdiv results
                sh 'curl -f https://hdiv-server/api/scan/${BUILD_ID}/status'
            }
        }
    }
}

GitLab CI

security-test:
  stage: test
  script:
    - |
      # Start application with Hdiv instrumentation
      java -javaagent:hdiv-agent.jar \
           -Dhdiv.api.key=$HDIV_API_KEY \
           -Dhdiv.application.name=$CI_PROJECT_NAME \
           -jar app.jar &

      # Wait for startup
      sleep 30

      # Run integration tests
      mvn verify -Pintegration-tests

      # Fetch Hdiv results
      curl "https://hdiv-server/api/results?app=$CI_PROJECT_NAME&build=$CI_PIPELINE_ID" \
           -H "Authorization: Bearer $HDIV_API_KEY" \
           -o hdiv-results.json

      # Fail on critical findings
      CRITICAL=$(jq '.findings | map(select(.severity == "CRITICAL")) | length' hdiv-results.json)
      if [ "$CRITICAL" -gt 0 ]; then
        echo "Found $CRITICAL critical vulnerabilities"
        exit 1
      fi
  artifacts:
    reports:
      junit: hdiv-results.xml

Current Status and Alternatives

Datadog acquired Hdiv Security in May 2022 and integrated its IAST capabilities into Datadog ASM. The standalone Hdiv product is no longer maintained.

Organizations previously using Hdiv should consider these alternatives:

AlternativeTypeNotes
Contrast SecurityIASTMarket leader with similar zero-false-positive approach
Datadog IASTIASTIntegrated with Datadog APM platform
Checkmarx IASTIASTPart of Checkmarx application security suite
Synopsys SeekerIASTEnterprise IAST with broad language support

When Hdiv Was Used

Hdiv Detection suited Java and .NET development teams seeking accurate vulnerability detection without false positive noise.

The runtime analysis approach worked particularly well for:

  • Complex applications with dynamic behavior difficult to analyze statically
  • Development teams with limited security expertise for triage
  • Organizations integrating security testing into CI/CD pipelines
  • Environments where DAST scanning faced authentication challenges

The technology represented a significant advancement over pure static or dynamic analysis, and the core concepts continue in current IAST products from other vendors.

Organizations evaluating IAST solutions today can apply similar selection criteria while choosing from actively maintained platforms.

Note: Acquired by Datadog in May 2022. Technology integrated into Datadog ASM.

Frequently Asked Questions

What is Hdiv Detection?
Hdiv Detection was an IAST solution that identified vulnerabilities through runtime dataflow analysis, delivering findings with exact file and line number locations.
Is Hdiv Detection still maintained?
No. Hdiv Security ceased active development and maintenance around 2024. Organizations should migrate to alternatives like Contrast Security or Datadog IAST.
What did Hdiv Detection detect?
It detected injection vulnerabilities, XSS, path traversal, and other data-dependent security issues by tracking data propagation from input sources to sensitive sinks.
How did Hdiv Detection work?
It instrumented Java and .NET applications at runtime using a Java agent, observing how data flows through the application and flagging vulnerabilities when untrusted data reached dangerous operations without sanitization.
How we review tools Suggest an edit

Other IAST Tools

Contrast Assess
Contrast Assess

Runtime IAST with Low False Positives

Seeker IAST
Seeker IAST

Active Vulnerability Verification

Acunetix AcuSensor
Acunetix AcuSensor

Line-of-Code Details

Checkmarx IAST
Checkmarx IAST

Unified AppSec Platform Integration

Datadog Code Security (IAST)
Datadog Code Security (IAST)

APM-Integrated Vulnerability Detection

Fortify WebInspect Agent (IAST)
Fortify WebInspect Agent (IAST)

Runtime Code-Level Reporting

See all IAST tools

Complement with DAST

Pair runtime instrumentation with dynamic testing for broader coverage.

Burp Suite
Burp Suite

Web Application Pentesting Toolkit

Tenable Web App Scanning
Tenable Web App Scanning

Nessus-Powered Cloud DAST with Attack Surface Management

See all DAST tools

Learn More

What is SAST? What is DAST? What is IAST? What is RASP? SAST vs DAST vs IAST SAST vs SCA

Explore our Application Security Testing resource hub