Deploying AcuSensor for Node.js - Docker in Acunetix 360

You can use AcuSensor to carry out interactive security testing (IAST) in your web application to confirm more vulnerabilities and further minimize false positives.  

  • Node.js is an open-source server environment designed to build scalable network applications, as it is capable of handling a vast number of simultaneous connections with high throughput. Depending on the specific frameworks and libraries, debugging a Node.js application can be tricky though.

  • You can take advantage of Acunetix’s unique DAST-induced IAST approach to get an inside view into how security checks and test payloads are processed within these environments. These additional insights will let you isolate the location and root cause of security defects quickly.

The most principled way of deploying AcuSensor in a Docker scenario is to simply layer the AcuSensor modifications onto your already existing container definition. This simple example will demonstrate how you can deploy AcuSensor together with your web application.

The following example demonstrates how you can deploy AcuSensor together with your web application.

Step 1. Downloading the AcuSensor

Information

For this example, we will assume that the URL for your target is http://acunetixexample.com:60000/.

  1. Log in to Acunetix 360.
  2. From the main menu, select Scans > New Scan.
  3. Choose a Target URL.
  4. From the Scan Settings, select AcuSensor (IAST and SCA).
  5. From the Shark Settings, select Enable AcuSensor.
  6. From the Server Platform drop-down, select Nodejs, then Save As.

Acunetix 360 downloads the following .tar file: AcuSensor (IAST and SCA)

Information

Change the name of the TAR file downloaded into this: AcuSensorNodeJs.tar

Step 2. Defining the web application image

The following file structure defines the simple web application.

/testnodejs-docker/

/testnodejs-docker/Dockerfile

/testnodejs-docker/src/app.js

/testnodejs-docker/src/package.json

  1. Create your /testnodejs-docker/Dockerfile file to read as follows:

FROM node:12

COPY src/ .

RUN npm install

#setup and install AcuSensor

COPY AcuSensorNodeJs.tar /acunetix/node-acusensor.tar

RUN chmod +x /acunetix/node-acusensor.tar

# launch the app with Acunetix 360

CMD [ "npx", "/acunetix/node-acusensor.tar", "app.js" ]

  1. Create your /testnodejs-docker/src/app.js file to read as follows:

const app = require('express')();

const port = 60000;

app.get('/', function (req, res) {

  res.send(

  '<html><body>' +

  '<h1>AcuSensor Example for Node.JS</h1>' +

  '<br>' +

  'Hello World! - Main Page' +

  '<br>' +

  '<a href="/page1">Go to Page 1</a>' +

  '</body></html>'

  );

});

app.get('/page1', function (req, res) {

  res.send(

  '<html><body>' +

  '<h1>AcuSensor Example for Node.JS</h1>' +

  '<br>' +

  'Hello World! - Page 1' +

  '<br>' +

  '<a href="/">Go to Main Page</a>' +

  '</body></html>'

  );

});

app.listen(port, function(err){

  if (err) console.log(err);

  console.log("Server listening on port: ", port);

});

  1. Create your /testnodejs-docker/src/package.json file to read as follows:

{

  "name": "testnodejs-docker",

  "version": "1.0.0",

  "dependencies": {

    "express": "*"

  }

}

Step 3. Building and running the docker image

Build and run your image with:

cd /testnodejs-docker-acusensor

docker build -t testnodejs-docker .

docker run -d -p 60000:60000 --name mytestnodejs testnodejs-docker

Step 4. Testing and scanning your web application

  1. Point your browser to your web application - in this example http://acunetixexample.com:60000 to confirm it is running as intended; you will get the following:

  1. Run a scan on your URL. The scan summary displays whether AcuSensor is used for the scan.


 
« Back to the Acunetix Support Page