Deploying Acunetix 360 AcuSensor for Java - Windows/Linux (JBOSS 7.4 Standalone + WAR File)
This guide explains how you can run a Java application in JBOSS and then use AcuSensor to run an interactive application security testing (IAST) scan for that application.
Step 1: Prepare AcuSensor for Java
In this example, the test application is deployed to the following URL: http://127.0.0.1:8080/axexample-java/ (in a production environment, you will need to change this to the hostname you will use for your deployment).
- Create a new target website for your URL.
- Download AcuSensor for Java from the Acunetix 360 UI and retain the AcuSensor (IAST and SCA).jar file for the next step (AcuSensor (IAST and SCA).jar is saved to C:\acusensor\ in our example). Change the paths accordingly if you are using the Java IAST Sensor on Linux.
Step 2: Deploy AcuSensor and the required components
- Windows: Edit the contents of the %JBOSS_HOME%\bin\standalone.conf.bat file and add the following to the bottom of the file:
rem *** Acusensor settings set "JAVA_OPTS=%JAVA_OPTS% -Dacusensor.debug.log=ON" set "MODULE_OPTS=-javaagent:C:\acusensor\AcuSensor (IAST and SCA).jar |
- Linux: Edit the contents of the %JBOSS_HOME%/bin/standalone.conf file and add the following to the bottom of the file:
# *** Acusensor settings JAVA_OPTS="$JAVA_OPTS -Dacusensor.debug.log=ON" MODULE_OPTS="-javaagent:/acusensor/AcuSensor (IAST and SCA).jar" |
Step 3: Deploy your application and start your JBOSS server
- Ensure that your web application is deployed.
- From the command line, navigate to your %JBOSS_HOME%\bin folder, and launch JBOSS.
Step 4: Test and scan your web application
- Point your browser to your web application to confirm it is running as intended.
- Run a scan on your URL. The scan summary will confirm that AcuSensor was detected and used for the scan.