The following article shows you how you can run a Java application in a Docker container and then use AcuSensor to run an interactive application security testing (IAST) scan for that application.
Step 1: Prepare an Example Application Using Eclipse IDE
- Go to the menu item File → New → Project
- In the New Project wizard, search for and select the Dynamic Web Project option and click on the Next > button
- Perform the following steps:
  - Set the Project name field to HelloWorld
  - Set the Target runtime field to Apache Tomcat v9.0
  - Set the Dynamic web module version field to 4.0
  - Set the Configuration field to Default Configuration for Apache Tomcat v9.0
  - Click on the Finish button
- In the Open Associated Perspective? dialog, click on the No button
- Perform the following steps:
  - Expand the HelloWorld project
  - Right-click on the src folder
  - Select the New → Other option
  - Highlight the Servlet option
  - Click on the Next > button
- Perform the following steps:
  - Set the Java package field to com.mytest.helloworld
  - Set the Class name field to HelloWorldServlet
  - Click on the Finish button
- Edit the contents to read as follows:
package com.mytest.helloworld;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Servlet implementation class HelloWorldServlet
 */
@WebServlet("/HelloWorldServlet")
public class HelloWorldServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * @see HttpServlet#HttpServlet()
     */
    public HelloWorldServlet() {
        super();
        // TODO Auto-generated constructor stub
    }

    /**
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        PrintWriter out = response.getWriter();
        out.print("<html><body><h1>Servlet Invoked Successfully!</h1></body></html>");
    }

    /**
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // TODO Auto-generated method stub
        doGet(request, response);
    }
}
- Expand the HelloWorld project, right-click on the WebContent folder, and select the New → File option
- Set the filename to index.html, click on the Finish button, and edit the contents to read as follows:
<html>
  <head>
    <title>Hello World!</title>
  </head>
  <body>
    <h1>Hello World!</h1><br/><br/>
    <a href="HelloWorldServlet">Click here to invoke servlet</a>
  </body>
</html>
- Make sure that the changes to both new files are saved
- Right-click on the HelloWorld project, click on the Export… option, search for the WAR file option and select it
- Click on the Next > button and select a Destination for your exported WAR file
- Click on the Finish button
Step 2: Prepare a Location on Your Docker Host
You must prepare a location on your Docker host to hold all the resources needed to build your Docker container. To do this, run the following command on the Docker host:
mkdir ~/mynewapp
Step 3: Download and Prepare AspectJWeaver
Run the following commands on the Docker host:
cd ~/mynewapp
wget -c https://repo1.maven.org/maven2/org/aspectj/aspectjweaver/1.9.5/aspectjweaver-1.9.5.jar
mv aspectjweaver-1.9.5.jar aspectjweaver.jar
Step 4: Prepare AcuSensor for Java
We will deploy the test application to the following URL: http://mydockerhostipaddress:8080/helloworld
- Create a new target for the above URL, replacing mydockerhostipaddress with the IP address of your Docker host
- Download AcuSensor for Java from the Acunetix UI
- Copy the AcuSensor.jar file into your Docker host folder ~/mynewapp
Step 5: Prepare the Environment Variables for Tomcat to Use AcuSensor
- Run the following command on the Docker host to create a new setenv.sh file:
nano ~/mynewapp/setenv.sh
- Add the following line to the setenv.sh file:
JAVA_OPTS="$JAVA_OPTS -javaagent:/usr/local/tomcat/lib/aspectjweaver.jar -Dacusensor.debug.log=ON"
- Exit the Nano editor and save the changes to the setenv.sh file
Step 6: Prepare Your Web Application for Docker
Copy the HelloWorld.war file that you created into your Docker host folder ~/mynewapp
Step 7: Prepare Your Dockerfile
- Run the following command on the Docker host:
nano ~/mynewapp/Dockerfile
- Enter the following content into your Dockerfile:
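FROM tomcat:9.0-alpine
COPY AcuSensor.jar /usr/local/tomcat/lib/AcuSensor.jar
COPY aspectjweaver.jar /usr/local/tomcat/lib/aspectjweaver.jar
# catalina.sh only sources setenv.sh from Tomcat's bin directory, so copy it there for the -javaagent option to take effect
COPY setenv.sh /usr/local/tomcat/bin/setenv.sh
COPY HelloWorld.war /usr/local/tomcat/webapps/helloworld.war
EXPOSE 8080
CMD ["catalina.sh", "run"]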
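A pre-build check for the build context assembled in Steps 2 to 7, as an added example that is not part of the original article or of Acunetix tooling. It catches the case where the image builds and the application runs but the sensor never loads, because a file is missing or the -javaagent path in setenv.sh does not match what the Dockerfile copies; the helper name check_context is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): pre-build check of the build context.
# check_context is a hypothetical helper name.
# Usage: check_context ~/mynewapp && docker build -t mynewapp:test ~/mynewapp
check_context() {
    ctx=$1
    problems=0
    fail() { echo "PROBLEM: $*" >&2; problems=$((problems + 1)); }

    # 1. Every file that Steps 3 to 7 place in the context must exist and be non-empty.
    for f in Dockerfile setenv.sh aspectjweaver.jar AcuSensor.jar HelloWorld.war; do
        [ -s "$ctx/$f" ] || fail "$f is missing or empty"
    done
    [ -f "$ctx/Dockerfile" ] && [ -f "$ctx/setenv.sh" ] || return 1

    # 2. The path the JVM is told to load the agent from, taken from setenv.sh.
    agent=$(sed -n 's/.*-javaagent:\([^ "]*\).*/\1/p' "$ctx/setenv.sh" | head -n 1)
    [ -n "$agent" ] || fail "setenv.sh sets no -javaagent option"

    # 3. Some COPY instruction must place a file at exactly that path.
    if [ -n "$agent" ] && ! awk -v dst="$agent" \
        '$1 == "COPY" && $NF == dst { found = 1 } END { exit !found }' "$ctx/Dockerfile"
    then
        fail "no COPY instruction places a file at $agent"
    fi

    # 4. setenv.sh must land in Tomcat's bin directory, where catalina.sh sources it.
    awk '$1 == "COPY" && $(NF-1) == "setenv.sh" && $NF ~ /\/tomcat\/bin\// { found = 1 }
         END { exit !found }' "$ctx/Dockerfile" \
        || fail "setenv.sh is never copied into Tomcat's bin directory"

    [ "$problems" -eq 0 ]
}
```

Once the container from Step 9 is running, `docker logs myapp` shows Tomcat's startup listing of JVM command line arguments, which should include the -javaagent option.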
Step 8: Build Your Image
Run the following commands on the Docker host:
cd ~/mynewapp
docker build -t mynewapp:test .
Step 9: Start a Container Based on Your New Image
Run the following command on the Docker host:
docker run --publish 8080:8080 --detach --name myapp mynewapp:test
Step 10: Confirm That Your New Web Application Works
To confirm that your new web application works, point your browser to your Docker container: http://mydockerhostipaddress:8080/helloworld
Step 11: Launch an Acunetix Scan Against the Target
Run an Acunetix scan using http://mydockerhostipaddress:8080/helloworld as the target.