Integrating Acunetix 360 with HashiCorp Vault

Vault is a privileged access management system that provides secure access to secrets (key values), such as passwords and API keys. Because it is centralized, Vault also records an audit log that shows who accessed different features, such as a database. In addition to these benefits, it encrypts secrets at rest and in transit, and provides applications with access to these secrets for a limited time.

Acunetix 360 integrates with HashiCorp Vault Key-Value (KV) for the following purposes:

  • To eliminate the need to share sensitive credentials for vulnerability scanning on password-protected webpages.
  • To automate credential retrieval to carry out vulnerability assessment on the target website.
  • To manage credentials easily while also ensuring that vulnerability scanning is carried out without.

For further information, see What Systems Does Acunetix 360 Integrate With?.

Vault Fields

This table lists and explains the fields in the New Vault Integration window.

| Field | Description |
|---|---|
| Name | This is the name of the configuration that will be shown elsewhere. |
| Mandatory | This section contains fields that must be completed. |
| URL | This is the base URL. |
| Token | This is the API token for the user to authenticate. |

How to Integrate Acunetix 360 with Vault
  1. Log in to Acunetix 360.
  2. From the main menu, click Integrations then New Integration.
  3. From the Privileged Access Management section, click Vault. The New Vault Integration window is displayed.
  4. In the Name field, enter a name for the integration.
  5. In the Mandatory section, complete the connection details:
     • URL
     • Token
  6. Click on Test Credentials to make sure that all information is entered correctly.
  7. Click Save.

Launching a New Scan with Vault

When you successfully integrate Vault, you can use this integration to launch a new scan.

This table lists and explains the fields in the HashiCorp Vault Settings window.

| Field | Description |
|---|---|
| Integrations | This is the name of the integration that you entered in the New Vault Integration window. |
| KV Version | This section contains the Key-Value Version. There are two options: V1 and V2. Please select the relevant one. |
| Secret Engine | This is the name you entered in Vault for your engine. |
| Secret | This is the name you entered in Vault for the target website. |
| Username Key | This holds the username value. Enable the Use static username checkbox only if you plan not to change a username routinely. |
| Password Key | This holds the password value. |
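The following is an added example, not code from Acunetix 360 or HashiCorp. It shows how the KV Version, Secret Engine, Secret, Username Key and Password Key fields correspond to Vault's KV HTTP API layout, and builds a read-only policy for the integration token. The `secret` mount, the `targets/app` secret name, the sample responses and all function names are constructed for illustration.

```python
import json

def kv_read_path(kv_version, engine, secret):
    """Return the Vault HTTP API path that serves a KV secret."""
    engine, secret = engine.strip("/"), secret.strip("/")
    if kv_version == 1:
        return f"/v1/{engine}/{secret}"
    if kv_version == 2:
        # KV v2 inserts a "data/" segment between the mount and the secret name
        return f"/v1/{engine}/data/{secret}"
    raise ValueError("KV version must be 1 or 2")

def read_policy(kv_version, engine, secret):
    """Least-privilege Vault policy: read-only on this one secret."""
    acl_path = kv_read_path(kv_version, engine, secret)[len("/v1/"):]
    return f'path "{acl_path}" {{\n  capabilities = ["read"]\n}}'

def extract_credentials(kv_version, response_body, username_key, password_key):
    """Pull the two keys out of a Vault read response, or report what is missing."""
    data = json.loads(response_body).get("data") or {}
    if kv_version == 2:
        # KV v2 wraps the key/value pairs in data.data, next to data.metadata
        data = data.get("data") or {}
    missing = [k for k in (username_key, password_key) if k not in data]
    if missing:
        raise KeyError(f"not found (wrong KV version or key name?): {missing}")
    return data[username_key], data[password_key]

# Constructed sample responses (not real credentials)
SAMPLE_V1 = '{"data": {"username": "scan-user", "password": "example-only"}}'
SAMPLE_V2 = ('{"data": {"data": {"username": "scan-user", "password": "example-only"},'
             ' "metadata": {"version": 3}}}')

if __name__ == "__main__":
    print(kv_read_path(2, "secret", "targets/app"))
    print(read_policy(2, "secret", "targets/app"))
    print(extract_credentials(2, SAMPLE_V2, "username", "password"))
```

Selecting the wrong KV Version makes the lookup fail even when the token and secret name are correct, because the key/value pairs sit one level deeper in a V2 response.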

How to Use the Vault Integration to Launch a New Scan
  1. Log in to Acunetix 360.
  2. From the main menu, click Scans, then New Scan. The New Scan window is displayed.
  3. In the Target URL field, enter the URL.
  4. Complete the remainder of the fields, as described in Acunetix 360 New Scan Fields and Acunetix 360 Scan Options Fields.
  5. Then from the Authentication settings, click the Form tab.
  6. Enable the Form Authentication checkbox.
  7. Click the New Persona dropdown, and select HashiCorp Vault. The HashiCorp Vault Settings dialog is displayed.
  8. Complete the fields in the dialog box.

     Information: Click Test Value Settings to see whether the integration works. Only if the test is successful can you save the configuration.

  9. Click Save.
  10. Click Verify Login & Logout to test the new Persona.


 