Deploying AcuSensor in Acunetix 360 On-Premises

You can run interactive security testing with Acunetix 360 AcuSensor in your web application in order to confirm more vulnerabilities and further minimize false positives.

By adding IAST capabilities with the AcuSensor, Acunetix 360 provides the following benefits:

  • Showing the exact location of the issue and reporting debug information
  • Providing additional details to help security teams uncover more vulnerabilities
  • Complementing existing Proof-based Scanning™ functionality to automatically prove even more vulnerabilities and simplify remediation efforts
  • Ensuring that the entire web application is scanned, including any hidden and unlinked locations that may be inaccessible to the crawler

For AcuSensor to operate, you need to download an agent and deploy it on your server. For security reasons, this agent is generated uniquely for each target website. Deploying the AcuSensor is optional.

Best practices for using AcuSensor

Acunetix 360 AcuSensor delivers optimal results when deployed in the right environment. Follow these guidelines for the best experience:

  • Staging Servers: Install Acunetix 360 AcuSensor on your staging servers to perform IAST analysis effectively. This is the ideal environment for such operations.
  • CI/CD Pipelines: You can install Acunetix 360 AcuSensor on virtual machines as part of CI/CD pipelines to integrate IAST analysis into your development process. In this setup, ensure that the AcuSensor installation is configured within the CI/CD pipeline.
  • Avoid Production Servers: We do not recommend installing Acunetix 360 AcuSensor on production servers. Although it uses minimal resources, it could still impact the performance of your production environment.

How to download AcuSensor in Acunetix 360 On-Premises

  1. Select Scans > New Scan from the left-side menu.
  2. Fill in the Target URL and Scan Profile.
  3. From the Scan Settings, select AcuSensor (IAST and SCA).
  4. Select the Enable AcuSensor checkbox.
  5. In the Server Platform drop-down, specify the platform and click Save As. The options are:
       • .Net
       • PHP
       • JAVA
       • Node.js

     The download starts immediately.

WARNING:

  • If you modify any of the following settings after downloading, re-download your files.

  6. From the Advanced Settings, you can:
       • Select the I have a token I would like to reuse checkbox and enter your token, if you already have one.
       • Enter the Bridge URL and Port only if you want to override the default settings.

How to set up a custom Bridge service for Acunetix 360 AcuSensor (IAST)

You can either use the bridge service provided by Acunetix 360 or install the Acunetix 360 IAST Bridge to set up a custom bridge service.

Prerequisites:

  • Install the Acunetix 360 IAST Bridge.

Follow these steps to set up a custom Bridge for Acunetix 360:

  1. Press the Windows logo key.
  2. Type Services.
  3. Ensure that the Acunetix 360 IAST Bridge service is running.

NOTE: By default, the Acunetix 360 IAST Bridge runs on port 7880 using HTTPS.

  4. Log in to Acunetix 360.
  5. Select Settings > General from the left-side menu.
  6. Go to the IAST Bridge section.
  7. Enter your custom URL in the Default Bridge URL field. (You can enter your custom URL like this: https://52.58.213.161:7880)
  8. Click Save at the bottom of the page.

IMPORTANT:

If you change your bridge URL after installing the AcuSensor, you must re-install the sensors for the change to take effect.

The process for deploying Acunetix AcuSensor on your server is explained in the following documents:

Fields on the AcuSensor (IAST) Page

This section lists and explains the fields available on the AcuSensor (IAST) page.

Installation Files - This section allows you to download the necessary files for use on your server.

Server Platform - Select your server platform (e.g., PHP, Java) to download the appropriate files for your server.

Advanced Settings - Use this section to override the default AcuSensor Token and Bridge URL/Port settings.

  • If you need to override the default settings, ensure changes are made before downloading any files for your server.

AcuSensor Token - The AcuSensor Token secures communication between the Acunetix 360 scanner and the IAST AcuSensor agent. A unique token is automatically generated for each website’s AcuSensor agent installation.

  • If you already have a token, select the I have a token I would like to reuse checkbox and enter your token.
  • This field is mandatory.

Bridge URL and Port - The Bridge URL and Port specify the IAST Bridge's address, which relays information from the AcuSensor agent to the Acunetix 360 Scanning Engine.

  • The default Bridge URL and Port can be configured on the General Settings page. You can override these settings on the AcuSensor configuration page for individual websites.
  • You may use the Bridge URL provided by Acunetix 360 or configure a custom Bridge. For more information, see Setting a Custom Bridge URL for Acunetix 360 AcuSensor (IAST).
  • Ensure that the AcuSensor can connect to the specified address and port.
  • This field is mandatory for Java, .NET, and Node.js.
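
A preflight check for the Bridge URL and Port, run from the server that hosts the AcuSensor agent, as an added example (not part of the Acunetix documentation or tooling): it validates the URL, then tests TCP reachability and the TLS handshake on that address. The function names, status strings, the explicit-port requirement and the placeholder host are assumptions of this example.

```python
import ipaddress
import socket
import ssl
from urllib.parse import urlsplit


def parse_bridge_url(url):
    """Return (host, port, warnings) for a Bridge URL; raise ValueError if unusable."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        raise ValueError("Bridge URL must use https://")
    if not parts.hostname:
        raise ValueError("Bridge URL has no host")
    if parts.port is None:
        # Choice made by this example: require the port, as in https://host:7880
        raise ValueError("Bridge URL has no explicit port")
    warnings = []
    try:
        ipaddress.ip_address(parts.hostname)
        warnings.append("host is an IP literal; the certificate needs a matching IP SAN")
    except ValueError:
        pass  # host is a DNS name
    return parts.hostname, parts.port, warnings


def check_bridge(url, timeout=5.0, ca_file=None):
    """Test TCP reachability, then a verified TLS handshake, against the Bridge."""
    host, port, warnings = parse_bridge_url(url)
    result = {"host": host, "port": port, "warnings": warnings}
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:  # DNS failure, refused, filtered, timed out
        return {**result, "status": "tcp_failed", "detail": str(exc)}
    ctx = ssl.create_default_context(cafile=ca_file)  # verifies chain and host name
    try:
        with raw, ctx.wrap_socket(raw, server_hostname=host) as tls:
            return {**result, "status": "ok", "detail": tls.version()}
    except ssl.SSLCertVerificationError as exc:
        return {**result, "status": "tls_untrusted", "detail": exc.verify_message}
    except (ssl.SSLError, OSError) as exc:
        return {**result, "status": "tls_failed", "detail": str(exc)}


if __name__ == "__main__":
    # Constructed placeholder address; replace it with your own Bridge URL.
    print(check_bridge("https://bridge.example.invalid:7880"))
```

Pass `ca_file` when the Bridge presents a certificate issued by an internal CA.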
