Installing and Configuring Acunetix 360 On-Premises

Acunetix 360 has three parts.

if_Gnome-Dialog-Information-64_55568.png

Information

All Acunetix editions support IPv6 both as servers and agents. This means you can configure Acunetix 360 On-premises server to use IPv6, and Acunetix 360 can scan websites that use IPv6.

Acunetix 360 Application Server

The Acunetix 360 Application Server provides the web interface that enables the efficient administration and automation of scans. This is the application that users will see and use via the Acunetix 360 UI.

Acunetix 360 Agent

Acunetix 360 Agent is a service application that executes scans and informs the Acunetix 360 Application Server of the results.

if_Gnome-Dialog-Information-64_55568.png

Information

A single agent can only run one scan at a time. If you want to run more than one scan at a time, you will need to install more agents.

Acunetix 360 Authentication Verifier

Acunetix 360 Authentication Verifier is a service application that verifies form-based login authentication configuration. This is an optional component. If you are scanning websites that do not require form authentication, you don’t need to install it.

If you need help during installation, please contact support@acunetix.com.

Prerequisites

This section lists the minimum requirements for installing Acunetix 360 On-Premises.

Minimum Requirements for Acunetix 360 Application Server

All components (Acunetix 360 Application Server, Acunetix 360 Agent, Acunetix 360 Authentication Verifier and Database Server) can be installed on the same server, if the hardware meets the listed requirements.

if_Gnome-Dialog-Information-64_55568.png

Information

We highly recommend that you install the Agents on separate servers, to maximise stability and performance.

Software Requirements

  • Windows Server 2016 or above (Windows Server 2019 recommended)
  • Web Server (IIS) role should be installed on the server
  • IIS 10
  • .NET Framework 4.7.2

Hardware Requirements

  • 1.4 GHz Processor (2 GHz or faster recommended)
  • 4 GB RAM (8 GB or higher recommended)
  • 5 GB Free Disk space (20 GB or higher recommended)

Required Access for Installation

  • RDP credentials and access as a user with Administrator rights
  • Can be installed by an Acunetix Engineer (or the user) using the provided installer

Minimum Requirements for Acunetix 360 Agent

These are the minimum requirements for Acunetix 360 Agent.

Software Requirements

  • Windows Server 2016 or above (Windows Server 2019 recommended)
  • .NET Framework 4.7.2

Hardware Requirements

  • 1.4 GHz Processor (2 GHz or faster recommended)
  • 1 GB RAM (4 GB or higher recommended)
  • 2 GB free disk space (5 GB or higher recommended)

Network Requirements

  • Agent needs to be able to access the Acunetix 360 Application Server’s HTTP(S) (443/80) port

Required Access for Installation

  • Installation of the Agent requires Administrator rights

Minimum Requirements for Acunetix 360 Authentication Verifier

These are the minimum requirements for Acunetix 360 Authentication Verifier.

Software Requirements

  • Windows Server 2012 or above (Windows Server 2012 R2 recommended)
  • .NET Framework 4.7.2

Hardware Requirements

  • 1.4 GHz Processor (2 GHz or faster recommended)
  • 1 GB RAM (4 GB or higher recommended)
  • 2 GB Free Disk space (5 GB or higher recommended)

Network Requirements

  • Authentication Verifier needs to be able to access the Acunetix 360 Application Server’s HTTP(S) (443/80) port

Required Access for Installation

  • Installation of the Authentication Verifier requires Administrator rights

Minimum Requirements for the Database Server

These are the minimum requirements for the Database Server.

if_Gnome-Dialog-Information-64_55568.png

Information

Please note, the database is not provided by Acunetix. You must set it up yourself.

Software Requirements

  • Microsoft SQL Server 2008 or above (Microsoft SQL Server 2012 recommended)

Hardware Requirements

  • 1.4 GHz Processor (2 GHz or faster recommended)
  • 1 GB RAM (4 GB or higher recommended)
  • 6 GB Free Disk space

Network Requirements

  • Acunetix 360 Application Server needs to access this database server for the relevant port (1433 by default) or it needs to be on the same server

Required Access for Installation

  • Installation for configuring the Database Server requires either administrator or RDP access
  • Alternatively, database credentials or database owner permissions are required, along with the Name of an empty SQL Server database
  • The Database Collation field should be configured as case insensitive

Downloading the Installer Files

The Installer files are conveniently downloaded in a .zip file.

How to Download the Installer Files
  1. Download the Acunetix360.zip file you were emailed to your server
  2. Extract the .zip file to a directory
  3. Check that these four files are in the directory:
  • WebAppSetup.exe (Acunetix 360 Application Server installer)
  • AgentSetup.exe (Acunetix 360 Agent installer)
  • AuthVerifierSetup.exe (Acunetix 360 Authentication Verifier installer)
  • [company].nsc (License file)

Installing the Acunetix 360 Application Server

The Acunetix 360 Application Server is installed using a wizard.

How to Install the Acunetix 360 Application Server
  1. Run the WebAppSetup.exe file. The Acunetix 360 Web Application Setup wizard is displayed, and opens at the Ready to Install step.
  2. Click Install. The Installing Acunetix 360 Web Application step is displayed. Wait.

  1. The Completing the Acunetix 360 Web Application Setup Wizard step is displayed.

  1. Click Finish.
  2. Next, install Acunetix 360 Scanner Agent (see Installing Acunetix 360 Agent).
  3. Finally, install Acunetix 360 Authentication Verifier (see Installing Acunetix 360 Authentication Verifier).

Configuring Notification Settings

In the Acunetix 360 Application Server security scanner, you can configure SMS and email notifications to inform users instantly about the status of a web application security scan, or when specific vulnerabilities are identified on the web applications you are scanning.

To send invitations to new users or other email notifications you need to configure SMTP settings. You also need to have a Twilio account to be able to receive SMS notifications.

For further information, see Configuring Email and SMS Notification Rules.

How to Configure Notification Settings
  1. Login with an admin account.
  2. From the main menu, click Settings, then Email. The Email Settings window is displayed.
  3. Complete the form. If your SMTP server does not require a username and password, you can leave these settings empty.
  4. To configure your Twilio settings, from the main menu, click Settings, then SMS. The SMS Settings window is displayed.
  5. Complete the form.

Installing the Acunetix 360 Agent

The Acunetix 360 Agent is installed using a wizard.

How to Install the Acunetix 360 Agent
  1. Run the AgentSetup.exe file. The Acunetix 360 Agent Setup wizard is displayed, and opens at the Welcome to the Acunetix 360 Agent Setup Wizard step.
  2. Click Next. The Select Installation Folder step is displayed.

  1. Click Browse and select the installation folder.
  2. Click Next. The Agent Settings step is displayed.

  1. The Agent Name and API URL fields are already completed. (Agent Name can be configured to any value to help distinguish them from one another, and API URL should point to the WebApp URL.)

if_Gnome-Dialog-Information-64_55568.png

Information

If you have already configured SSL/TLS for your Acunetix 360 Application Server, then you should enter that URL and ensure that you use HTTPS (for example: https://acx360server/).

  1. Complete the API Token field.
  2. Click Next. The Ready to Install step is displayed.

  1. Click Install. The Installing Acunetix 360 Agent step is displayed.

  1. Click Next. The Completing the Acunetix 360 Agent Setup Wizard step is displayed.
  2. Click Finish. The installation is complete.

Configuring Agent Selection

If you wish, you can select a specific agent while launching a scan.

How to Configure Agent Selection
  1. Login to the Acunetix 360 Application Server with an admin account.
  2. From the main menu, click Settings, then General. The General Settings window is displayed.

  1. Enable the Agent Selection Enabled checkbox and click Save.
  2. From the main menu, click Scans, then New Scan. The New Scan window is displayed.
  3. In the General tab, click the Preferred Agent dropdown and select an option.

  1. Complete the fields as required.

Installing Multiple Agents on the Same Operating System

If you want to install more than one agent on the same system, first install Acunetix 360 Agent as usual using the AgentSetup.exe file.

How to Install Multiple Agents on the Same Operating System
  1. Copy all files from the default Agent’s folder to the new Agent’s folder. The default installation path is: C:\Program Files (x86)\Acunetix 360 Cloud Agent.

For example, if you decided to use Agent-2 as the new Agent name, you could use this command to copy all files to new Agent’s folder:

xcopy "C:\Program Files (x86)\Acunetix 360 Cloud Agent\*.*" "C:\Program Files (x86)\Acunetix 360 Cloud Agent-2" /yie

This will create a new directory in C:\Program Files (x86)\Acunetix 360 Cloud Agent-2 and copy in all the required files.

  1. Locate the new Agent’s folder and open the Acunetix .Cloud.Agent.exe.config file with a text editor. Set the new Agent’s name.

  1. Open a command prompt in Windows with Administrator rights and install the new Agent as a Windows Service using these commands:
  • This command changes the current folder to the new Agent’s folder:

cd C:\Program Files (x86)\Acunetix 360 Cloud Agent-2

  • This command installs the new Agent as a Windows Service:

Acunetix 360.Cloud.Agent.exe /i

  • This command starts the new Agent’s Windows Service:

Acunetix 360.Cloud.Agent.exe /s

Installing Acunetix 360 Authentication Verifier

The Acunetix 360 Authentication Verifier is installed using a wizard.

How to Install the Acunetix 360 Authentication Verifier
  1. First, run the AuthVerifierSetup.exe file. The Acunetix 360 Authentication Verifier Setup wizard is displayed, and opens at the Welcome to the Acunetix 360 Authentication Verifier Setup Wizard step.
  2. Click Next. The Select Installation Folder step is displayed.

  1. Click Browse and select the installation folder, if you want a different one.

  1. Click Next. The Authentication Verifier Settings step is displayed.

  1. The API URL field is already completed. (It should point to the WebApp URL.)
  2. In the API Token field, enter your token. You can find this in API Settings.
  3. Click Next. The Ready to Install step is displayed.

  1. Click Install.

Securing Acunetix 360

Now your Acunetix 360 installation is complete, you need to make it secure.

Configuring the SSL/TLS Certificate for Acunetix 360 Application Server

if_Gnome-Preferences-System-64_55738.png

Warning

Unless your Acunetix 360 Application Server is configured to use HTTPS, the traffic between the Acunetix 360 Agents and Acunetix 360 Application Server will be in cleartext.

These instructions show you how to install your website certificate in Microsoft IIS.

https://comodosslstore.com/blog/ssl-certificate-installation-microsoft-iis-8-and-iis-8-5.html 

How to Configure the SSL/TLS Certificate for Acunetix 360 Application Server
  1. Login to the Acunetix 360 Application Server with an admin account.
  2. From the main menu, click Settings, then General. The General Settings window is displayed.
  3. In the Server Root URL field, replace the protocol with ‘https’.
  4. If you have completed the SSL/TLS configuration before installing any of the Acunetix 360 Agents, then complete the following steps, because your configuration should already be correct.

If you need to go back and update your Agents, however, do the following:

  • Open Acunetix 360 Agent’s config file (default location is C:\Program Files (x86)\Acunetix 360 Cloud Agent\Acunetix.Cloud.Agent.exe.config) and change the apiRootUrl to the new HTTPS link:

  • Restart the server on which the agent is installed. In order to accomplish a successful connection between the Agent and the Acunetix 360 Application Server, the HTTPS connection should contain no SSL/TLS errors. If you see any certificate errors, as illustrated below, the agent will not be able to connect to the Acunetix 360 Application Server due to this SSL/TLS validation error:

if_Gnome-Dialog-Information-64_55568.png

Information

You can install an internal trusted certificate on the Acunetix 360 Application Server and Acunetix 360 Agents. When both servers and visitors have this certificate, everything will work as expected.

Enabling Two-Factor Authentication

Acunetix 360 users can enable two-factor authentication. 2FA setup doesn’t require an online connection or transmit any kind of data to outside networks.

For further information, see Two-Factor Authentication.

Encrypting Connections to the SQL Server

Enabling SSL/TLS encryption increases the security of data transmitted between the SQL Server and Acunetix 360 Application Server. This is only necessary if the SQL Server is installed on a different server in a different network.

How to Encrypt Connections to SQL Server
  1. First, configure an SSL/TLS certificate for your SQL Server instance (see How to enable SSL encryption for an instance of SQL Server by using Microsoft Management Console).
  2. Next, from the main menu, click Settings, then Database. The Database Settings window is displayed.
  3. Enable the Encrypt Connection checkbox.

 

« Back to the Acunetix Support Page