Deploying AcuSensor agent for Java - Docker Spring Boot in Acunetix 360
You can use AcuSensor to carry out interactive security testing (IAST) in your web application to confirm more vulnerabilities and further minimize false positives.
For AcuSensor to operate, you need to download an agent and deploy it on your server. Please note that this agent is generated uniquely for each target website for security reasons.
This topic explains how to deploy AcuSensor together with your Spring Boot web application into a Docker container.
The Java AcuSensor requires the following:
This document assumes the following:
Deploying AcuSensor in Java - Docker Spring Boot consists of 5 steps:
Before going into the details, run the following command on the Docker host to prepare the folder for the deployment: mkdir /root/myspringapp/
Deploying AspectJWeaver for your container
- Open a terminal
- Run the following commands to download and deploy AspectJWeaver:
- cd /root/myspringapp/
- wget -c https://repo1.maven.org/maven2/org/aspectj/aspectjweaver/1.9.5/aspectjweaver-1.9.5.jar
- mv aspectjweaver-1.9.5.jar aspectjweaver.jar
Deploying AcuSensor for your container
- Create a target website in Acunetix 360 for the exact URL of your new web application (for example, http://myspringapp.example.com:8080/)
- Download the AcuSensor for Java for your web application target
- Copy the AcuSensor agent (AcuSensor.jar) to the folder /root/myspringapp/ on the Docker host
Preparing Spring Boot
- Build your application; in this example, the resulting JAR file is called myspringapp.jar
- Copy the JAR file for your web application, myspringapp.jar, to the folder /root/myspringapp/ on the Docker host
- Run the following command to create and edit your Dockerfile: nano /root/myspringapp/Dockerfile
- Edit the contents of your Dockerfile to show the following:
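# A FROM instruction naming a base image with a Java runtime must come first.
# Copy the sensor, the AspectJ weaver and the application into the image.
COPY AcuSensor.jar AcuSensor.jar
COPY aspectjweaver.jar aspectjweaver.jar
COPY myspringapp.jar myspringapp.jar
# Load the weaver as a Java agent and put the sensor JAR on the class path via loader.path.
CMD java -javaagent:aspectjweaver.jar -Dacusensor.debug.log=ON -Dloader.path=AcuSensor.jar -cp myspringapp.jar org.springframework.boot.loader.PropertiesLauncher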
The parameter "-Dacusensor.debug.log=ON" is optional and should ONLY be used for troubleshooting. If this parameter is retained, AcuSensor logging is written as additional lines in the Tomcat logs, starting with "[Acunetix-debug]".
- Save the Dockerfile and exit the nano editor
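A preflight check for the build context described above, as an added example that is not part of the Acunetix 360 documentation: it confirms that every file a COPY line names exists in the folder with the same capitalisation, that the jars named by -javaagent and -Dloader.path are ones the image receives, and it reports a debug flag left in place. The function name check_context, the jar name sensor.jar and the demo folder are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: preflight check of the Docker build context before `docker build`.
# check_context is a hypothetical helper, not part of Acunetix 360 or Docker.
check_context() {
    local dir="$1" dockerfile="$1/Dockerfile" problems=0 copied="" kw src dst ref
    [ -f "$dockerfile" ] || { echo "missing: $dockerfile"; return 1; }

    # Every COPY source must exist in the context under exactly that name.
    while read -r kw src dst; do
        [ -n "$src" ] || continue
        if ! ls "$dir" | grep -Fxq -- "$src"; then
            echo "COPY source not in context (names are case-sensitive): $src"
            problems=$((problems + 1))
        fi
        copied="$copied $dst"
    done <<EOF
$(grep -E '^COPY[[:space:]]' "$dockerfile")
EOF

    # Jars named by -javaagent: and -Dloader.path= must be COPY destinations.
    # Assumes one jar per option, as in the CMD line on this page.
    for ref in $(grep -E '^CMD[[:space:]]' "$dockerfile" |
                 grep -oE -e '-(javaagent:|Dloader\.path=)[^[:space:]]+' |
                 sed -E 's/^-(javaagent:|Dloader\.path=)//'); do
        case " $copied " in
            *" $ref "*) ;;
            *) echo "CMD names a jar that no COPY provides: $ref"
               problems=$((problems + 1)) ;;
        esac
    done

    # The debug flag is meant for troubleshooting only; report it if still set.
    if grep -q -e '-Dacusensor\.debug\.log=ON' "$dockerfile"; then
        echo "warning: -Dacusensor.debug.log=ON is still set"
    fi
    [ "$problems" -eq 0 ]
}

# Constructed demo context: miscased COPY source and an uncopied loader.path jar.
demo=$(mktemp -d)
touch "$demo/AcuSensor.jar" "$demo/aspectjweaver.jar" "$demo/myspringapp.jar"
printf '%s\n' 'COPY Acusensor.jar AcuSensor.jar' \
    'COPY aspectjweaver.jar aspectjweaver.jar' 'COPY myspringapp.jar myspringapp.jar' \
    'CMD java -javaagent:aspectjweaver.jar -Dloader.path=sensor.jar -cp myspringapp.jar org.springframework.boot.loader.PropertiesLauncher' \
    > "$demo/Dockerfile"
check_context "$demo" || echo "fix the Dockerfile before running docker build"
rm -rf "$demo"
```

Run it as check_context /root/myspringapp/ before docker build; a non-zero exit status means at least one mismatch was found.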
Build your Docker Image and Start a Container
- Run the following commands on the docker host:
- cd /root/myspringapp/
- docker build -t myspringapp:test .
- docker run --publish 8080:8080 --detach --name myspringapp myspringapp:test
Now, you are ready to scan your new Spring Boot web application with Acunetix 360.