Deploying AcuSensor for .NET in Acunetix 360
You can use AcuSensor to carry out interactive security testing (IAST) in your web application to confirm more vulnerabilities and further minimize false positives.
For AcuSensor to operate, you need to download an agent and deploy it on your server. Please note that this agent is generated uniquely for each target website for security reasons.
This topic explains how to download and copy the AcuSensor files to your hard disk and install AcuSensor to your web application.
Deploying the AcuSensor agent consists of 3 steps:
Step 1. Downloading the AcuSensor agent
You can find the required instructions to download the AcuSensor agent in Deploying Acunetix AcuSensor in Acunetix 360.
You must install Prerequisites on the server hosting the website. The AcuSensor installer application requires Microsoft .NET Framework 3.5 or higher.
Step 2. Copying the AcuSensor agent to web server
You need to copy the AcuSensor installation files to the server hosting the .NET website.
Step 3. Installing AcuSensor
To install Acunetix AcuSensor, you need to take the following steps.
How to install Acunetix AcuSensor for .NET websites
- Extract the dotnet-acusensor.zip file.
- Launch the Injector.exe file.
- On start-up, the Injector will retrieve a list of .NET applications installed on your server.
- From the Acunetix .NET AcuSensor window, select the application(s).
- Select Install Sensor to install the AcuSensor Technology sensor in the selected .NET applications. Wait for the installation to be over.
- Close the confirmation window and also the AcuSensor manager.
How to remove Acunetix AcuSensor for .NET websites
- Open the Injector.
- Select the websites, then Remove Sensor.
- Close the Acunetix .NET AcuSensor.
If needed, you can also uninstall the Acunetix .NET AcuSensor Manager from the Add/Remove Programs from the Settings.
Using Command Line to install or remove the AcuSensor
You can install or remove the AcuSensor using the command line.
- Copy and extract dotnet-acusensor.zip to the server hosting the .NET website.
C:\Users\Administrator\Desktop\dotnet-acusensor>injector -m inject -t http://localhost:86/yaf_forums
Target Found. Injecting sensor to: http://localhost:86/yaf_forums
C:\Users\Administrator\Desktop\dotnet-acusensor>injector -m uninject -t http://localhost:86/yaf_forums
Target Found. Uninjecting sensor from: http://localhost:86/yaf_forums
The -m switch can be:
- inject - to inject the AcuSensor agent into a web application
- uninject - to remove the AcuSensor agent from a web application
- list - to list the web application on the web server
The -t switch should specify the URL for which you wish to inject or remove the AcuSensor agent
Note: If the web application is at the root of a URL path, you must include a forward slash at the end of the URL (in this example, http://localhost:86/); if the web application is in a subfolder, you must not include a forward slash at the end of the URL (in this example, http://localhost:86/yaf_forums)
Although the AcuSensor agent is secured with a unique strong built-in password, it is recommended that the AcuSensor client files are uninstalled and removed from the web application if they are no longer in use.