diff --git a/src/content/docs/iast/install.mdx b/src/content/docs/iast/install.mdx index b3ae2da521a..0b7229bf3b5 100644 --- a/src/content/docs/iast/install.mdx +++ b/src/content/docs/iast/install.mdx 
@@ -9,44 +9,131 @@ freshnessValidatedDate: never --- - Run IAST with non-production deployments only. IAST tests by invoking HTTP requests with an exploit payload. You must use IAST in non-production environments with only simulated data to avoid both data corruption and introducing exploits into your live code. In addition, when you run IAST on new code in pre-production, you catch potential vulnerabilities before they go live. + Run IAST with non-production deployments only. IAST tests the application by + invoking HTTP requests with an exploit payload. You must use IAST in + non-production environments with only simulated data to avoid both data + corruption and introducing exploits into your live code. In addition, when you + run IAST on new code in pre-production, you catch potential vulnerabilities + before they go live. + + Before you start IAST installation, review the IAST testing steps and how exploitable vulnerabilities are detected. + For more information, refer: [IAST exploitable vulnerabilities](https://docs.newrelic.com/docs/iast/exploitable-vulns/) + + + + - It is advisable to watch the [relevant application language video](/docs/iast/install/#check-out-these-demo-videos-for-setting-up-iast-with-different-application-languages) for successful installation of IAST. + + To install New Relic IAST: - Go to **[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST** and click **Set up IAST with applications**. + 1. Go to **[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST** and click **Install**. + 1. Click **Start trial** to start a free 30-day trial of IAST. Set up IAST with applications - - - Confirm IAST isn't running in a production environment and click **Continue**. + 1. To start trial of IAST, click **Set up IAST with applications**. - Select the language of your application and complete the steps. 
- Install New Relic IAST +## Safety check + + Make sure IAST is not running in the production environment and click **Continue**. + + + + +## Select your application language + + APM agent should already be installed with your application, for more information you can check our [APM documentation](https://docs.newrelic.com/docs/apm/new-relic-apm/getting-started/introduction-apm/). Select your application's language and follow the steps. The supported application languages are: Java, Node.js, and Go. + + Once you select the application language, make sure to follow the on-screen instructions. + + + + + +## Update the APM agent + + + + +Update the APM agent to the latest version. The minimum version supported is: v8.9.0. To update the Java agent, follow these on-screen [instructions](https://docs.newrelic.com/docs/apm/agents/java-agent/installation/update-java-agent/) and verify the agent version using the command: + +``` +java -jar newrelic.jar -v + +``` + +To configure the security agent, click **Next**. + + + + +Update to the latest version of the agent (minimum v12.0.0). To update the Node.js agent, follow your standard procedures and run the following process as a terminal command or as a script: + +``` +npm install newrelic@latest + +``` + +To configure the security agent, click **Next**. + + + + + Update to the latest version of the agent (minimum v3.30.0) + To update the Go agent, follow your standard procedures to run the following process as a terminal command or as a script. + From http://github.com/newrelic/go-agent, use this process: + +``` +go get -u github.com/newrelic/go-agent/v3/newrelic + +``` + +To configure the security agent, Click **Next**. + + + + + + - Make sure your `newrelic.yml` config file is updated as follows: + + ## Configure the security agent + + + + + Configure the security agent by enabling the security agent settings. 
Make sure your `newrelic.yml` config file is updated as follows: newrelic.yml config file} + title={<>newrelic.yml config file (This setting is common for EU and Fed users)} > ```yml security: 
@@ -82,20 +169,104 @@ To install New Relic IAST: ``` - - - Once you've completed all the steps, restart your application and generate traffic against the application's APIs. + The code shown on-screen for **Configure the security agent** is the bare minimum requirement to start the IAST. - + To fully configure the IAST, click `Advanced security agent configurations` and copy the **Security Config** code. Now open the **newrelic.yml** file and paste the copied code below `high_security: false` in the file. - - Click **See your data** to see an overview of your tested application. + + + `yml` is sensitive to indents and spacing, make sure the code pasted in **newrelic.yml** file is lined up underneath the high security settings. + + + + + + + Configure the security agent by enabling the security agent settings. + + To enable the security agent, set the `security.enabled` and `security.agent.enabled` flag to true in the newrelic.js config file present at the root directory of your app. + + Make sure that the `high_security` mode is turned off for the IAST to work. + + The code shown above for **Configure the security agent** is the bare minimum requirement to start the IAST. + + To fully configure the IAST, click `Advanced security agent configurations` and copy the **Security Config** code. + + + + + Configure the security agent by following the below steps: + + 1. Add this integration to your application by importing. + + From https://github.com/newrelic/go-agent/tree/master/v3/integrations/nrsecurityagent, use this command: + + ``` + import "github.com/newrelic/go-agent/v3/integrations/nrsecurityagent" + + ``` + 1. Enable IAST testing by adding code to initialize the integration after your call to `newrelic.NewApplication`. 
+ + ``` + app, err := newrelic.NewApplication( + newrelic.ConfigAppName("Your Application Name"), + newrelic.ConfigLicense("NEW_RELIC_LICENSE_KEY"), + ) + + ``` + + Initialize the `nrsecurityagent` as given below: + + ``` + err := nrsecurityagent.InitSecurityAgent( + app, + nrsecurityagent.ConfigSecurityEnable(true), + nrsecurityagent.ConfigSecurityValidatorServiceEndPointUrl("wss://csec.nr-data.net"), + ) + + ``` + + 1. Please ensure that you wrap your framework router with the WrapRouter function for [Echo](https://pkg.go.dev/github.com/newrelic/go-agent/v3/integrations/nrecho-v4#WrapRouter), [Gin](https://pkg.go.dev/github.com/newrelic/go-agent/v3/integrations/nrgin#WrapRouter), [Gorilla](https://pkg.go.dev/github.com/newrelic/go-agent/v3/integrations/nrgorilla#WrapRouter) frameworks. This is crucial for detecting routes (API endpoints) and enabling provable security in your application. + + 1. If you are opening an HTTP protocol endpoint, place the [newrelic.WrapListen](https://pkg.go.dev/github.com/newrelic/go-agent/v3/newrelic#WrapListen) function around the endpoint name to enable vulnerability scanning against that endpoint. For example: + + ``` + http.ListenAndServe(newrelic.WrapListen(":8000"), nil) + + ``` + + **Note:** Skip this step if you are on linux environment. + + 1. Based on additional packages imported by the user application, add suitable instrumentation package [Instrumentation packages](https://github.com/newrelic/csec-go-agent#instrumentation-packages). + + Make sure that the HighSecurity mode is turned off for the IAST to work. + + Click **Next** to restart and test the application. + + + + + + + + + ## Restart and test the application + + To start testing with the IAST agent, restart your application and generate traffic against your application’s APIs. Click **See your data** for an overview of your tested application. + + -For more detailed instructions, check out these examples demo below. 
+## Check out these demo videos for setting up IAST with different application languages + +
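Review bot: In the first hunk (`@@ -9,44 +9,131 @@`), under "Update the APM agent", only the Java step gives the reader a way to confirm the installed version (`java -jar newrelic.jar -v`). The Node.js and Go steps state minimums (v12.0.0 and v3.30.0) but offer no check, so there is no way to tell whether `npm install newrelic@latest` or `go get -u github.com/newrelic/go-agent/v3/newrelic` actually met them. Suggest adding a verification command to each, for example `npm ls newrelic` and `go list -m github.com/newrelic/go-agent/v3`. In the same hunk, the Go step links to `http://github.com/newrelic/go-agent`; use `https://`. The numbered list has two trial steps ("Click **Start trial** to start a free 30-day trial of IAST" and "To start trial of IAST, click **Set up IAST with applications**") that read as duplicates and should be merged or ordered clearly. "For more information, refer:" should be "refer to", and "Click **Next**" in the Go step should be lower-cased to match the Java and Node.js steps.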
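Review bot: In the second hunk (`@@ -82,20 +169,104 @@`), the Go snippets do not compile if both are pasted into the same function in the order shown: `app, err := newrelic.NewApplication(...)` already declares `err`, so `err := nrsecurityagent.InitSecurityAgent(...)` is rejected because `:=` has no new variable on its left side. Change the second to `err = nrsecurityagent.InitSecurityAgent(...)` and show `err` being checked after each call so an initialization failure is not ignored. `newrelic.ConfigLicense("NEW_RELIC_LICENSE_KEY")` reads as a string literal in source; either mark it clearly as a placeholder or show it read from the environment, e.g. `newrelic.ConfigLicense(os.Getenv("NEW_RELIC_LICENSE_KEY"))`, so readers do not commit a license key. In the Node.js section, "The code shown above for **Configure the security agent**" refers to code that the visible lines of that section do not include; add the `newrelic.js` snippet with `security.enabled` and `security.agent.enabled` set, or reword. Smaller points: "`yml` is sensitive to indents" should say YAML, "HighSecurity mode" in the Go steps should name the actual setting as the other sections do with `high_security`, and "Skip this step if you are on linux environment" should read "a Linux environment" and say which step it refers to.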