Installing and Configuring Acunetix 360 On-Premises

Acunetix 360 is available as an On-Demand and On-Premises solution. Acunetix 360 On-Premises is identical to the hosted version in terms of features and capabilities, but since it runs on your own servers and network, there are a few things to note:

  • You can scan any internal web application without the need to allow incoming access through corporate firewalls.
  • No internet connection is required.
  • Acunetix 360 On-Premises can also be easily deployed on Amazon Web Services (AWS), Microsoft Azure, Google Cloud, or any other type of private cloud environment.
  • If your business has to adhere to strict regulatory compliance requirements and policies or you have concerns with your data being stored on our servers, you can still take advantage of Acunetix 360's workflow tools, and scaling and scanning capabilities. That is because the On-Premises edition can be installed on your own servers that are managed by your own team.
  • No data will leave the On-Premises edition of Acunetix 360.

This article explains how to install Acunetix 360 On-Premises.

NOTE: All Acunetix editions support IPv6 both as servers and agents. This means you can configure the Acunetix 360 On-Premises server to use IPv6, and Acunetix 360 can scan websites that use IPv6.

Components and architecture

Acunetix 360 On-Premises contains five parts which are explained in the table below:

Component

Explanation

Application Server

This provides the web interface that enables the efficient administration and automation of scans. This is the application that users will see and use via the Acunetix 360 UI.

Agent

This is a service application that executes scans and informs the Acunetix 360 Application Server of the results. A single agent can only run one scan at a time. If you want to run more than one scan at a time, you will need to install more agents.  

Authentication Verifier

This is a service application that verifies form-based login authentication configuration. This is an optional component. If you are scanning websites that require form authentication, you need to install it.

Authentication Verifier Service

This is a service application that establishes communication between the Authentication Verifier Agent and the Acunetix 360 Application Server. This is an optional component. If you are scanning websites that require form authentication, you need to install it.

Acunetix 360 Bridge

This is a service application that is used to relay information from the AcuSensor agent to the scanning agent. This is an optional component. If you are using AcuSensor for Java, .NET, and Node.js, you need to install this bridge.

The following diagram shows the architecture of Acunetix 360 On-Premises.

Prerequisites

This section lists the minimum requirements for installing each of the components of Acunetix 360 On-Premises.

IMPORTANT: Some antivirus or anti-malware software may prevent Acunetix 360 On-Premises from working or cause it to run very slowly. To ensure you can use Acunetix 360 On-Premises effectively, we recommend adding Acunetix 360 files and folders to your antivirus (or other protection scanning software) exception list (also known as a 'whitelist' or 'allowlist').

For more information about the Acunetix 360 files and folders we recommend excluding from your antivirus software, refer to Excluding Acunetix 360 files from antivirus scans.

Minimum Requirements for the Acunetix 360 Application Server

All components (the Application Server, the Agent, the Authentication Verifier Agent, the Authentication Verifier Service, the Acunetix 360 Bridge, and the Database Server) can be installed on the same server if the hardware meets the listed requirements.

TIP: We highly recommend that you install the Webapp, Agents and DB on separate servers to maximize stability and performance.

Software requirements

  • Windows Server 2016 or later (Windows Server 2019 or later recommended)
  • Web Server (IIS) role should be installed on the server
  • IIS 10
  • .NET Framework 4.8

Hardware requirements

Minimum: 2x cores CPU, 4GB RAM, 5 GB Free Disk Space

This specification is applies to using the Acunetix360 interface and scanning a few simple websites.

While Acunetix360 may run on a machine with a lower specification than this, we do not recommend doing so for performance reasons.

Recommended : 2x cores CPU, 16GB RAM, 20 GB Free Disk Space

This is a good general-purpose specification.

Advanced: 4x cores CPU, 32GB RAM, 50 GB Free Disk Space

If you have a large number of users, advanced websites and want to run a large number of scans simultaneously, you can choose this option.

Access requirements

  • RDP credentials and access as a user with Administrator rights
  • Can be installed by an Acunetix Engineer (or the user) using the provided installer

Minimum Requirements for the Acunetix 360 Agent

These are the minimum requirements for Acunetix 360 Agent.

Software requirements

  • Windows Server 2016 or later (Windows Server 2019 or later recommended)
  • .NET 6

Hardware requirements

  • 1.4 GHz Processor (2 GHz or faster recommended)
  • 4 GB RAM or higher recommended
  • 10 GB free disk space for each internal agent

Network requirements

  • The Agent needs to be able to access the Acunetix 360 Application Server’s HTTP(S) (443/80) port

Access requirements

  • Installation of the Agent requires Administrator rights
  • Ensure that the following groups do not have permission to modify or write service executables and that these groups do not have Full Control permission to any directories that contain service executables: Everyone, Users, Domain Users, Authenticated Users

Minimum requirements for the Authentication Verifier Service and Authentication Verifier

These are the minimum requirements for installing the Acunetix 360 Authentication Verifier Service and Authentication Verifier Agent.

Software requirements

  • Windows Server 2016 or later (Windows Server 2019 or later recommended)
  • .NET 6 for Authentication Verifier Agent
  • .NET 6 for Authentication Verifier Service

Hardware requirements

  • 1.4 GHz Processor (2 GHz or faster recommended)
  • 1 GB RAM (4 GB or higher recommended)
  • 2 GB Free Disk space (5 GB or higher recommended)

Network requirements

  • The Authentication Verifier Agent needs to be able to access the Authentication Verifier Service's HTTP(S) port. (Default port: 5000)
  • Enterprise users should access the Invicti Authentication Verifier Service Hub publicly. (Default port: 5000)
  • The Authentication Verifier Service needs to be able to access the Acunetix 360 Application Server’s HTTP(S) (443/80) port

Access requirements

  • Installation of the Authentication Verifier and Authentication Verifier Service requires Administrator rights
  • Ensure that the following groups do not have permission to modify or write service executables and that these groups do not have Full Control permission to any directories that contain service executables: Everyone, Users, Domain Users, Authenticated Users

Minimum requirements for Acunetix 360 Bridge

These are the minimum requirements for installing the Acunetix 360 Bridge.

Software requirements

  • Windows Server 2016 or later (Windows Server 2019 or later recommended)

Hardware requirements

  • 1.4 GHz Processor (2 GHz or faster recommended)
  • 4 GB RAM or higher recommended

Network requirements

  • The Acusensor Bridge Service needs to be able to listen to the Acunetix 360 Application Server’s HTTP(S) (7880) port

Access requirements

  • Installation of the Acunetix 360 Bridge requires Administrator rights
  • Ensure that the following groups do not have permission to modify or write service executables and that these groups do not have Full Control permission to any directories that contain service executables: Everyone, Users, Domain Users, Authenticated Users

Minimum requirements for the Database Server

These are the minimum requirements for the Database Server.

IMPORTANT: The database is not provided by Acunetix. You must set it up yourself.

Software requirements

  • Microsoft SQL Server 2016 or later (Microsoft SQL Server 2019 or later recommended)

Hardware requirements

  • Same as the Application Server requirements above

Network requirements

  • The Acunetix 360 Application Server needs to access this database server for the relevant port (1433 by default) or it needs to be on the same server

Access requirements

  • An SQL Server database login with the db_owner role
  • The Name of an empty SQL Server database
  • The Database Collation field should be configured as case-insensitive

NOTE: The db_owner permission is required during installation and updating. The db_datareader and db_datawriter roles are enough for daily operation.

Downloading the installer files

These files are conveniently downloaded in a .zip file.

How to download the installer files

  1. Download to your server the Acunetix360.zip file that was emailed to you.
  2. Extract the .zip file to a directory
  3. Check that these five files are in the directory:
  • WebAppSetup.exe (Acunetix 360 Application Server installer)
  • AgentSetup.exe (Acunetix 360 Agent installer)
  • AuthVerifierSetup.exe (Acunetix 360 Authentication Verifier installer)
  • AuthVerifierServiceSetup.exe (Acunetix 360 Authentication Verifier Service installer)
  • IASTBridgeSetup.exe (Acunetix 360 Bridge installer)

Installing the Acunetix 360 Application Server

The Acunetix 360 Application Server is installed using a wizard. The wizard has two parts:

  • The Acunetix 360 Web Application
  • The Acunetix 360 Authentication Verifier Service

NOTE: The Authentication Verifier Service is an optional part of this installation process. You can install the Authentication Verifier Service whenever you want. For more information about installing the verifier service, refer to Authentication Verifier Settings.

The following instructions explain how to install the Web Application and Verifier Service at the same time.

How to install the Acunetix 360 Application Server and Authentication Verifier Service

  1. Run the WebAppSetup.exe file and select Next.
  2. On the End-User License Agreement step, accept the license agreement, and select Next.

  1. On the Ready to Install step, select Next to install the Web Application Server, and wait for a while.

  1. The installation asks you to install the prerequisite: The Authentication Verifier Service.
  2. On the Welcome to the Prerequisites Setup Wizard window, select Next to continue.

  1. On the Select Installation Folder step, select Next to install the Authentication Verifier Service to the default folder. Or select Browse to select an installation folder. Select Next.

  1. On the Completing the Acunetix 360 Authentication Verifier Service Setup Wizard step, select Finish to complete the installation.

  1. On the Completing the Acunetix 360 Web Application Setup Wizard step, select Finish to complete the Web Application Setup process.

Next steps:

  1. Configure the Acunetix 360 Web App
  2. Install the Acunetix 360 Scanner Agent
  3. Install the Acunetix 360 Authentication Verifier
  4. Install the Acunetix 360 Bridge

Configuring the Acunetix 360 Web Application Server using the Installation Wizard

From the server URL on which the Acunetix 360 application is installed, you need to run the Acunetix 360 Installation Wizard to complete the installation.

TIP: You can also install the Acunetix 360 Web Application in silent mode. For more information, refer to Installing Acunetix 360 On-Premises in Silent Mode. 

How to configure the Acuentix 360 Web Application Server using the installation wizard

  1. The first step of the Installation Wizard is configuring the Database connection.
  1. Complete the fields to enable Acunetix 360 to build the necessary database structure and populate it with data. Then, click Next.

  1. On the Encryption page, select Download the Secret Key to download your key. Then, select Next.

  1. On the License page, select Import a License (.nsc file) and import your license file. Select Next.
  2. On the Account page, complete the fields to set up your account administrator account. Select Next.
  1. If you use cloud providers like Amazon AWS, you can configure the settings here (refer to Cloud Provider Settings). If you don't use a cloud provider, deselect the Cloud Integration checkbox. Select Next.

  1. On the Scanner Agent Settings page, copy the Access Token if you want to install the scanner agents following the installation wizard process. These agents will be used to scan target applications.

It is possible to skip this step by selecting the Continue without installing an agent checkbox.  

You can install agents whenever you want. If you want to install an agent at this step, execute the file AgentSetup.exe from the zip file. (For more information on agents, refer to Agents in Acunetix 360 On-Premises). Select Next.

  1. On the Authentication Verifier Settings page, copy the Service Token and the Access Token if you want to install the authentication verifier service and verifier agent following the installation wizard process.

Authentication Verifier Service and Verifier Agent are two components of Acunetix 360 On-Premises that are used to verify Form Authentication. They are optional components (see Authentication Verifier Settings). If the websites you are scanning do not use form authentication, you do not need these components.

It is possible to skip this step by selecting Next and setting up it later in Acunetix 360. If you want to set it up, select Install Authentication Verifier. The following page appears:

For more information, refer to Installing Acunetix 360 Authentication Verifier.

Select Next.

  1. You can configure SMS and email notifications to inform users instantly about the status of a web application security scan, or when specific vulnerabilities are identified on the web applications you are scanning. The next steps (Email and SMS) are for configuring E-mail and SMS notification settings (refer to Managing Notifications).

NOTE: To send invitations to new users or other email notifications you need to configure SMTP settings. You also need to have a Twilio account to be able to receive SMS notifications.

It is possible to skip this step and the next step by deselecting the Enable Email Notifications and Enable SMS Notification checkboxes.

  1. Select Finish to complete the installation wizard.

Configuring a proxy for the Acunetix 360 Web Application

You may need to configure a proxy for the Acunetix 360 Enterprise Web Application. For information about setting a proxy for the agent, refer to Setting Proxy in Scanner Agents.

IMPORTANT: This instruction assumes that you installed Acunetix 360 Enterprise On-Premises to the default location, which is C:\Program Files (x86). If not, please change the relevant step in the instructions accordingly.

How to configure a proxy for the Acunetix 360 Web Application

  1. Press the Windows logo key  + E.
  2. Paste the following file path into the address bar: C:\Program Files (x86)\Acunetix 360 Web Application.
  3. Open Web.config with a text editor and locate the proxy configuration line.

<system.net>

    <!--<defaultProxy>

      <proxy usesystemdefault="True" proxyaddress="http://127.0.0.1:8888/"/>

    </defaultProxy>-->

  </system.net>

  1. Remove the comment characters from the proxy configuration line.
  2. Enter your proxy configuration.
  3. Save and close the Web.config file
  4. Restart the IIS for changes to take effect.

TIP: In addition to the proxy address, you can also add information such as a bypass list to the proxy configuration. It looks like the following:

<system.net>  

    <defaultProxy>  

        <proxy  proxyaddress="http://127.0.0.1:8080"  

                bypassonlocal="True"/>  

        <bypasslist>  

            <add address="[a-z]+\.acunetix\.com$" />  

        </bypasslist>  

    </defaultProxy>  

</system.net>

How to change the installation folder for the Acunetix 360 Web Application

The installer does not provide an option to select the folder location, however, you can change the location once the installation is complete. To do this, follow these steps:

  1. Copy the installation folder (C:\Program Files (x86)\Acunetix 360 Web Application) to the target disk.
  2. Open IIS.
  3. From Sites, select Acunetix 360.
  4. Select Advanced Settings.
  5. Replace the physical path with the new path.

Configuring notification settings

In the Acunetix 360 Application Server security scanner, you can configure SMS and email notifications to inform users instantly about the status of a web application security scan, or when specific vulnerabilities are identified on the web applications you are scanning.

NOTE: To send invitations to new users or other email notifications you need to configure SMTP settings. You also need to have a Twilio account to be able to receive SMS notifications.

For more information, refer to Managing Notifications.

How to configure notification settings

  1. Log in to Acunetix 360 with an Administrator account.
  2. From the main menu, select Settings > Email.
  3. Complete the form on the Email Settings page. If your SMTP server does not require a username and password, you can leave these settings empty.
  4. To configure your Twilio settings, from the main menu, select Settings > SMS.
  5. Complete the form on the SMS Settings page.

Installing the Acunetix 360 Agent

The Acunetix 360 Agent is installed using a wizard.

TIP: You can also install the Acunetix 360 Agent in silent mode. For more information, refer to Installing the Acunetix 360 Agent in Silent Mode.

How to Install the Acunetix 360 Agent

  1. Run the AgentSetup.exe file.
  2. On the Acunetix 360 Agent Setup window, select Next.
  3. On the Select Installation Folder step, select Next to install the Agent to the default folder. Or select Browse to select an installation folder. Select Next.

  1. On the Agent Settings window, enter the Agent Name, API URL, and API Token. The Agent Name and API URL fields are already completed. (Agent Name can be configured to any value to help distinguish them from one another, and the API URL should point to the WebApp URL.) Select Next.

TIP: To find your API Token, from the main menu, go to Agents > Manage Agents > Configure New Agent. Copy the Agent Token.

NOTE: If you have already configured SSL/TLS for your Acunetix 360 Application Server, then you should enter that URL and ensure that you use HTTPS (for example: https://acx360server/).

5. On the Ready to Install step, select Install.

6. Select Finish to complete the installation.

Configuring Agent Selection

If you wish, you can select a specific agent while launching a scan.

How to configure Agent selection

  1. Log in to the Acunetix 360 Application Server with an Administrator account.
  2. From the main menu, select Settings > General.
  1. Enable the Agent Selection Enabled checkbox and select Save.

  1. From the main menu, select Scans > New Scan.
  2. In the General tab, select the Preferred Agent drop-down and select an option.

  1. Complete the fields as required.

Installing multiple agents on the same operating system

If you want to install more than one agent on the same system, first install the Acunetix 360 Agent, as usual, using the AgentSetup.exe file.

How to install multiple agents on the same operating system

  1. Copy all files from the default Agent’s folder to the new Agent’s folder. The default installation path is: C:\Program Files (x86)\Acunetix 360 Agent.

For example, if you decided to use Agent-2 as the new Agent name, you could use this command to copy all files to new Agent’s folder:

xcopy "C:\Program Files (x86)\Acunetix 360 Agent\*.*" "C:\Program Files (x86)\Acunetix 360 Agent-2" /yie

This will create a new directory in C:\Program Files (x86)\Acunetix 360 Agent-2 and copy in all the required files.

  1. Locate the new Agent’s folder and open the appsettings.json file with a text editor. Set the new Agent’s name.

  1. Open a command prompt in Windows with Administrator rights and install the new Agent as a Windows Service using these commands:
  • This command changes the current folder to the new Agent’s folder:

cd C:\Program Files (x86)\Acunetix 360 Agent-2

  • This command installs the new Agent as a Windows Service:

Acunetix.Cloud.Agent.exe /i

  • This command starts the new Agent’s Windows Service:

Acunetix.Cloud.Agent.exe /s

Installing the Acunetix 360 Authentication Verifier Agent

The Acunetix 360 Authentication Verifier Agent is installed using a wizard.

NOTE: The Authentication Verifier Agent communicates with the Authentication Verifier Service to verify the login. You can install the Authentication Verifier Agent without installing the verifier service. However, the verifier agent works properly only if you install the Authentication Verifier Service first.

For further information, refer to Authentication Verifier Settings.

How to install the Acunetix 360 Authentication Verifier

  1. Run the AuthVerifierSetup.exe file.
  2. On the Welcome to the Acunetix 360 Authentication Verifier Setup Wizard window, select Next.

  1. Select Browse if you want to install the Authentication Verifier to a different folder than the default folder. Select Next.

  1. On the Authentication Verifier Settings step, enter the API URL and API Token. The API URL field is already completed. (It should point to the WebApp URL.) In the API Token field, enter your token. You can find this in API Settings. Select Next.

  1. Select Install.

TIP: For information about installing multiple verifier agents, refer to Installing multiple agents on the same operating system. 

Installing the Acunetix 360 Bridge

The Acunetix 360 Bridge is installed using a wizard. For more information about AcuSensor, refer to Deploying AcuSensor in Acunetix 360 On-Premises.

How to install the Acunetix 360 Bridge

  1. Run the IASTBridgeSetup.exe file.
  2. On the Welcome to the Acunetix 360 Bridge Setup Wizard window, select Next.

  1. Select Browse if you want to install the Acunetix 360 Bridge to a different folder than the default folder. Select Next.

  1. On the Agent Settings window, enter the Service Port. By default, it is 7880.

  1. Select Install to complete the installation.

TIP: For information about setting up a custom bridge URL for AcuSensor, refer to Deploying AcuSensor in Acunetix 360 On-Premises. 

Securing Acunetix 360

Now your Acunetix 360 installation is complete, you need to make it secure. For more information, refer to Security Hardening for Acunetix 360 On-Premises.

 

« Back to the Acunetix Support Page