Configuring Acunetix 360 Bridge

Acunetix 360 Bridge is a necessary application to facilitate communication between IAST sensors and Acunetix 360.

AcuSensor helps you run interactive security testing (IAST) via Acunetix 360. That helps confirm more vulnerabilities and further minimize false positives. By adding IAST capabilities, Acunetix 360 also shows the exact location of the issue and ensures that the entire web application is scanned. For more information, refer to Deploying AcuSensor in Acunetix 360 On-Premises.

For AcuSensor to operate, you need to download the sensor and deploy it on your server. Additionally, you must configure the Acunetix 360 Bridge for Java, .NET, and Node.js sensors. Note that the PHP sensor does not use the Acunetix 360 Bridge.

How Acunetix 360 Bridge communicates

The bridge is used to relay information from the sensor to the Acunetix 360 scanner agent. The following steps show how the bridge facilitates communication between the scanner and the sensor:

1. When the scan is launched, the scanner connects to the bridge. The scanner includes the AcuSensor token, and this token is the identifier throughout the scan.
2. The bridge starts listening for connections for the scan.
3. When the sensor needs to send data, it sends the data to the bridge, together with the AcuSensor token.
4. The bridge sends the data to the correct scanner (identified by the token) connected to receive that data.

Both the scanner agent and sensor connect to the bridge via the address and port configured for the bridge. As a result, the Acunetix 360 bridge receives connections from the scanning engine and from the IAST sensors.

Setting up the Acunetix 360 Bridge

You can set up the Acunetix 360 Bridge if you have Acunetix 360 On-Premises.

How to install Acunetix 360 Bridge

1. Run the IASTBridgeSetup.exe file.
2. On the Welcome to the Acunetix 360 Bridge Setup Wizard window, select Next.

3. Select Browse if you want to install the Acunetix 360 Bridge to a different folder than the default folder. Select Next.

4. On the Agent Settings window, enter the Service Port. By default, it is 7880.

5. Select Install to complete the installation.

How to set up a custom bridge service

1. Press the Windows logo key  
2. Type Services and open the Services application.
3. Make sure the Acunetix 360 Bridge is running.

4. Log in to Acunetix 360 On-Premises.
5. Select Settings > General from the left-side menu.
6. Locate the IAST Bridge Settings section.
7. Enter your custom URL into the Default Bridge URL field. (You can enter your custom URL like this: https://52.58.213.161:7880)

8. Click Save.

Configuring Acunetix 360 On-Premises for a custom IAST bridge

You can configure the bridge address on the General Settings page or the AcuSensor Settings.

• You can set the default bridge URL and port on the General Settings page.
• In the AcuSensor Settings, the advanced setting lets you override the default bridge URL for each website.

You can use the URL provided by Acunetix 360 as a bridge URL and port, or you can set up a custom bridge.

How to configure the default IAST Bridge URL via the General Settings page

1. Log in to Acunetix 360 On-Premises.
2. Select Settings > General from the left-side menu.
3. Into the IAST Bridge Settings field, enter your bridge URL.

How to override the default IAST Bridge URL via the AcuSensor Settings

1. Log in to Acunetix 360 On-Premises.
2. Select Scans > New Scan from the left-side menu.
3. Specify the Target URL.
4. From the Scan Settings, select AcuSensor (IAST and SCA).
5. From the AcuSensor Settings section, select Enable AcuSensor.
6. From the Server Platform drop-down, select Java, .NET, or Node.js.
7. From the AcuSensor (IAST) Agent Settings drop-down, enter the URL and the port into the Bridge URL field.