Configuring internal agents for secrets management services
You can use internal agents in Acunetix 360 to communicate with secrets and encryption management services, such as CyberArk.
- These secrets and encryption management services help you centrally manage privileged account identities in a single location.
- They prevent unauthorized access to critical systems and protect credentials used in on-premises, hybrid, and cloud environments.
- Further, they can rotate these passwords and SSH keys.
Using such services provides extra security when you scan password-protected web pages with Acunetix 360. When you integrate Acunetix 360 with these secrets management services, you no longer need to enter sensitive information, such as passwords.
You can integrate Acunetix 360 with these services on the cloud and on-premises.
This topic explains how to authenticate a form using on-premises secrets and encryption services, such as CyberArk, together with an internal authentication verifier agent and how to scan your internal website.
Prerequisites
Warning: It is highly recommended that the secrets and encryption management service, the scan agent, and the authentication verifier agent have network connectivity among themselves.
- A secrets and encryption management service installed in your environment (CyberArk, HashiCorp, or Azure Key Vault).
- Install a scan agent.
- Install an authentication verifier agent. (This agent is required to test the connection between the agent and the service.)
- Configure an agent for a website. (For further information, see How to add a website in Acunetix 360.)
- Whitelist invicti.com
- Whitelist r87.me
How to authenticate a form using an authentication verifier agent with CyberArk
- Log in to Acunetix 360.
- From the main menu, select Scans > New Scan.
- In the Target URL field, enter the URL.
- Then from the Authentication settings, select the Form tab.
- Select Form Authentication.
- Enter a login form URL.
- From the New Persona drop-down, select a secret and encryption management service. (This example uses CyberArk EPV.)
- Complete the fields in the dialog.
Information: Select Test Value Settings to verify the username and password.
- Select Save.
- Select Verify Login & Logout to test the new Persona.
Warning: If there is more than one authentication verifier agent installed on your machine, Acunetix 360 shows a drop-down to select the verifier agent you want to use. Make sure to select the authentication verifier agent that can communicate with CyberArk.
Tip: If the Verify Login & Logout button is green, the Acunetix 360 Authentication Verifier Agent authenticated the login form successfully.
How to scan an internal website with an agent
- Log in to Acunetix 360.
- From the main menu, select Scans > New Scan.
- From the Target URL field, select your Internal Website (if the field is not already populated).
- Complete the remainder of the fields, as described in Acunetix 360 New Scan Fields and Acunetix 360 Scan Options Fields.
- From the Scan Settings, do the following:
  - Select General.
  - From the Preferred Agent drop-down, select the scan agent that can communicate with the secrets and encryption management service.
- Select Launch. (For simplicity, optimization and other settings are ignored in this procedure.)