Deploying AcuSensor for PHP - Docker
You can use AcuSensor to carry out interactive security testing (IAST) in your web application to confirm more vulnerabilities and further minimize false positives.
For AcuSensor to operate, you need to download an agent and deploy it on your server. Please note that this agent is generated uniquely for each target website for security reasons.
The most principled way of deploying AcuSensor in a Docker scenario is to layer the AcuSensor modifications on top of your existing container definition.
This simple example will demonstrate how you can deploy AcuSensor together with your web application. There are 4 steps to do this.
Step 1. Create your target in Acunetix 360
For this example, we will assume that the URL for your target is http://acusensorexample.com:60000. Go to Acunetix 360 and create a new target with your URL. From New Scan, select this URL for the scan, then enable AcuSensor. Download the AcuSensor agent file acusensor.php, and save this file for use later on.
Step 2. Define the web application image
- This simple web application will be defined through the following file structure:
    /testphp-docker/
    /testphp-docker/Dockerfile
    /testphp-docker/websrc/
    /testphp-docker/websrc/index.php
    /testphp-docker/websrc/test.php
- Create your /testphp-docker/Dockerfile file to read as follows:
    FROM php:7.3.28-apache

    # setup the web pages
    COPY --chown=www-data:www-data websrc/ /var/www/html
- Create your /testphp-docker/websrc/index.php file to read as follows:
    <?php
    echo "<h1>Test PHP Site Example for Docker Deployment</h1>";
    echo "<br>";
    echo "Welcome to the main page.";
    echo "<br>";
    echo "<a href='test.php'>Go to the test page.</a>";
    ?>
- Create your /testphp-docker/websrc/test.php file to read as follows:
    <?php
    echo "<h1>Test PHP Site Example for Docker Deployment</h1>";
    echo "<br>";
    echo "Welcome to the test page.";
    echo "<br>";
    ?>
- Build the image with:
    cd /testphp-docker
    docker build -t testphp-docker .
Step 3. Define the AcuSensor layer image
- The AcuSensor layer will be defined through the following file structure:
    /testphp-docker-acusensor/
    /testphp-docker-acusensor/Dockerfile
    /testphp-docker-acusensor/acusensor.php
- Copy the acusensor.php file you downloaded in Step 1 into the /testphp-docker-acusensor directory on your Docker host.
- Create your /testphp-docker-acusensor/Dockerfile file to read as follows:
    FROM testphp-docker

    # assumes the web application is in /var/www/html

    # setup AcuSensor
    RUN mkdir /acusensor
    WORKDIR /acusensor
    COPY acusensor.php .

    # add .htaccess file for AcuSensor
    RUN printf "\nphp_value auto_prepend_file /acusensor/acusensor.php\n" > /var/www/html/.htaccess \
        && chown www-data:www-data /var/www/html/.htaccess
- Build and run your image with:
    cd /testphp-docker-acusensor
    docker build -t testphp-docker-acusensor .
    docker run -d -p 60000:80 --name mytestphp testphp-docker-acusensor
Step 4. Test and scan your web application
Point your browser to your web application (in this example, http://acusensorexample.com:60000) to confirm it is running as intended.
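A pre-scan check for the layer built in Step 3, added here as an example and not part of the original page or of Acunetix tooling. The function name `check_acusensor_layer` is hypothetical; it assumes the paths used in the Dockerfiles above (`/var/www/html` and `/acusensor/acusensor.php`) and inspects a filesystem tree for them.

```shell
#!/bin/sh
# Added example (not vendor code): check that a filesystem tree carries the
# AcuSensor layer the Step 3 Dockerfile is meant to produce.
# Usage: check_acusensor_layer ROOT   (ROOT="" when run inside the container)
check_acusensor_layer() {
    root="$1"
    docroot="$root/var/www/html"
    sensor="/acusensor/acusensor.php"      # path used in the Step 3 Dockerfile
    rc=0

    if [ ! -f "$docroot/.htaccess" ]; then
        echo "FAIL: $docroot/.htaccess missing, sensor is never loaded"
        return 1
    fi

    # Active (non-comment) auto_prepend_file directives and their targets.
    targets=$(awk '$1 == "php_value" && $2 == "auto_prepend_file" { print $3 }' \
        "$docroot/.htaccess")
    count=$(printf '%s\n' "$targets" | awk 'NF { n++ } END { print n + 0 }')

    if [ "$count" -ne 1 ]; then
        echo "FAIL: expected 1 auto_prepend_file directive, found $count"
        rc=1
    elif [ "$targets" != "$sensor" ]; then
        echo "FAIL: auto_prepend_file points to $targets, not $sensor"
        rc=1
    fi

    # The directive is useless if the agent file itself is absent or empty.
    if [ ! -s "$root$sensor" ]; then
        echo "FAIL: $root$sensor missing or empty"
        rc=1
    fi

    # The Dockerfile keeps the agent outside the document root; flag a stray copy.
    if [ -e "$docroot/acusensor.php" ]; then
        echo "FAIL: acusensor.php found inside the document root"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: AcuSensor layer present under ${root:-/}"
    return "$rc"
}
```

To check the running container, append the call `check_acusensor_layer ""` to the script and pipe it into `docker exec -i mytestphp sh`.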