Configuring Acunetix 360 Bridge
Acunetix 360 Bridge is a necessary application to facilitate communication between IAST sensors and Acunetix 360.
AcuSensor helps you run interactive security testing (IAST) via Acunetix 360. That helps confirm more vulnerabilities and further minimize false positives. By adding IAST capabilities, Acunetix 360 also shows the exact location of the issue and ensures that the entire web application is scanned. For further information, see Deploying AcuSensor in Acunetix 360 On-Premises.
For AcuSensor to operate, you need to download the sensor and deploy it on your server. Additionally, you must configure the Acunetix 360 Bridge for Java, .NET, and Node.js sensors. Note that the PHP sensor does not use the bridge.
How Acunetix 360 Bridge communicates
The bridge is used to relay information from the sensor to the Acunetix 360 scanner agent. The following steps show how the bridge facilitates communication between the scanner and the sensor:
- When the scan is launched, the Scanner connects to the bridge. The scanner includes the AcuSensor token, and this token is the identifier throughout the scan.
- The Bridge starts listening for connections for the scan.
- When the sensor needs to send data, it sends the data to the bridge, together with the AcuSensor token.
- The bridge sends the data to the correct scanner (identified by the token) connected to receive that data.
Both the scanner agent and sensor connect to the bridge via the address and port configured for the bridge. As a result, the Acunetix 360 bridge receives connections from the Scanning engine and from the IAST sensors.
Setting up the Acunetix 360 Bridge
You can set up the Acunetix 360 Bridge if you have Acunetix 360 On-Premises.
Information The Acunetix 360 Bridge is a part of the Acunetix 360 On-Premises installation package delivered to you via a .zip file. |
Installing Acunetix 360 Bridge
The Acunetix 360 Bridge is installed using a wizard. For further information about AcuSensor, see Deploying AcuSensor in Acunetix 360 On-Premises.
How to install Acunetix 360 Bridge
- Run the IASTBridgeSetup.exe file.
- On the Welcome to the Acunetix 360 Bridge Setup Wizard window, select Next.
- Select Browse if you want to install the Acunetix 360 Bridge to a different folder than the default folder. Select Next.
- On the Agent Settings window, enter the Service Port. By default, it is 7880.
- Select Install to complete the installation.
How to set up a custom bridge service
- Press the Windows logo key
- Type Services.
- Make sure the Acunetix 360 Bridge is running.
Tips By default, the Acunetix 360 Bridge runs at the 7880 port. |
- Log in to Acunetix 360.
- From the main menu, select Settings > General.
- Go to the IAST Bridge section.
- Enter your custom URL into the Default Bridge URL field. (You can enter your custom URL like this: http://52.58.213.161:7880)
- Select Save.
Configuring Acunetix 360 On-Premises for a custom IAST bridge
You can configure the bridge address on the General Settings page or the AcuSensor Settings.
- You can set the default bridge URL and port on the General Settings page.
- On the Shark settings page, the advanced setting lets you override the default bridge URL for each website.
As a bridge URL and port, you can use the URL provided by Acunetix. OR, you can set up a custom bridge.
Information Make sure that the AcuSensors can connect to the address/port specified. |
How to configure the default IAST Bridge URL via the General Settings page
- Log in to Acunetix 360.
- From the main menu, select Settings > General.
- Into the IAST Bridge field, enter your bridge URL.
How to override the default IAST Bridge URL via the AcuSensor Settings
- Log in to Acunetix 360.
- From the main menu, select Scans > New Scan.
- Specify the Target URL.
- From the Scan Settings, select AcuSensor (IAST and SCA).
- From the AcuSensor Settings section, select Enable AcuSensor.
- From the Server Platform drop-down, select Java, .NET, or Node.js.
- From the AcuSensor (IAST) Agent Settings drop-down, enter the URL and the port into the Bridge URL field.