Deploying Acunetix 360 AcuSensor for Java - Windows/Linux (JBOSS 7.4 Standalone + WAR File)

This guide explains how you can run a Java application in JBOSS and then use AcuSensor to run an interactive application security testing (IAST) scan for that application.

Step 1: Prepare AcuSensor for Java

In this example, the test application is deployed to the following URL: http://127.0.0.1:8080/axexample-java/ (in a production environment, you will need to change this to the hostname you will use for your deployment).

  1. Create a new target website for your URL.
  2. Download AcuSensor for Java from the Acunetix 360 UI and retain the AcuSensor (IAST and SCA).jar file for the next step (AcuSensor (IAST and SCA).jar is saved to C:\acusensor\ in our example). Change the paths accordingly if you are using the Java IAST Sensor on Linux.

Step 2: Deploy AcuSensor and the required components

  • Windows: Edit the contents of the %JBOSS_HOME%\bin\standalone.conf.bat file and add the following to the bottom of the file:

rem *** Acusensor settings

set "JAVA_OPTS=%JAVA_OPTS% -Dacusensor.debug.log=ON"

set "MODULE_OPTS=-javaagent:C:\acusensor\AcuSensor (IAST and SCA).jar

  • Linux: Edit the contents of the %JBOSS_HOME%/bin/standalone.conf file and add the following to the bottom of the file:

# *** Acusensor settings

JAVA_OPTS="$JAVA_OPTS -Dacusensor.debug.log=ON"

MODULE_OPTS="-javaagent:/acusensor/AcuSensor (IAST and SCA).jar"

Step 3: Deploy your application and start your JBOSS server

  1. Ensure that your web application is deployed.
  2. From the command line, navigate to your %JBOSS_HOME%\bin folder, and launch JBOSS.

Step 4: Test and scan your web application

  1. Point your browser to your web application to confirm it is running as intended.
  2. Run a scan on your URL. The scan summary will confirm that AcuSensor was detected and used for the scan.

« Back to the Acunetix Support Page