Deploying Acunetix 360 AcuSensor for Java - Linux (WebSphere Liberty 19.0.0.9+ with WAR file)

This guide explains how you can run a Java application in WebSphere and then use AcuSensor to run an interactive application security testing (IAST) scan for that application.

NOTE: This document assumes WebSphere is installed in /opt/wlp

Step 1: Prepare AcuSensor for Java

In this example, the test application is deployed to the following URL: http://websphere-backend-proto.invicti.site:9080/axexample-java/ (in a production environment, you will need to change this to the hostname you will use for your deployment).

  1. Create a new target for your URL.
  2. Download AcuSensor for Java from the Acunetix 360 UI and retain the AcuSensor (IAST and SCA).jar file for the next step.
  3. On the WebSphere machine:
  1. Create a root folder /acusensor
  2. Copy the acusensor.jar file to /acusensor/AcuSensor.jar

Step 2: Deploy AcuSensor and required components

On the WebSphere machine:

  • Create a file /opt/wlp/usr/servers/defaultServer/jvm.options, and set the contents as follows:

-javaagent:/acusensor/acusensor.jar

-Dacusensor.debug.log=ON 

Step 3: Deploy your application

  1. Copy your axexample-java.war file into the /opt/wlp/usr/servers/defaultServer/dropins folder.
  2. From the terminal, restart WebSphere with:

/opt/wlp/bin/server stop

/opt/wlp/bin/server start 

Step: Test and scan your web application

  1. Point your browser to your web application to confirm it is running as intended.
  2. Run a scan on your target. The scan summary will confirm that AcuSensor was detected and used for the scan.

« Back to the Acunetix Support Page