Deploying AcuSensor in Acunetix 360 On-Premises

Acunetix AcuSensor increases the accuracy of an Acunetix scan by improving the crawling, detection, and reporting of vulnerabilities while decreasing false positives. Acunetix AcuSensor can be used on .NET (including .NET Core), JAVA, and PHP web applications.

Deploying AcuSensor

The unique Acunetix AcuSensor Technology identifies more vulnerabilities than a black-box web application scanner does and also further minimizes false positives. In addition, it indicates exactly where vulnerabilities are detected in your code and reports debug information.

Acunetix AcuSensor requires a sensor to be deployed on your server. This sensor is generated uniquely for each website for security reasons.

Deploying AcuSensor is optional. Acunetix is still best in class as a black-box scanner, but AcuSensor improves accuracy and vulnerability results when scanning your web applications.

Information

Ready to use the AcuSensor? Contact us.

To do this, follow these steps: From the main menu, go to Scans > New Scan > AcuSensor, then select I'm Interested in Adding AcuSensor.

Once approved, you are ready to download.

AcuSensor Fields

This table lists and explains the fields on the AcuSensor page.

Button/Section/Field

Description

Installation Files

This is the section that lets you download the required file to use on your server.

Server Platform

This lets you select the server to download the required files for your server, such as PHP and Java.

Advanced Settings

This lets you override settings for the default AcuSensor Token and Bridge URL/Port.

  • If you want to override the default token and bridge settings, make sure to change them before downloading any files for your server.

AcuSensor Token

  • This token secures communication between the Acunetix 360 scanner and the AcuSensor agent. A unique token is automatically generated for each website's installation of the AcuSensor agent.
  • If you have a token already, select the I have a token I would like to reuse checkbox and enter your token.
  • This field is mandatory.

Bridge URL and Port

  • This is the URL and port number of the IAST bridge. The bridge is used to relay information from the AcuSensor agent to the Acunetix 360 Scanning Engine.

  • You can set the default bridge URL and port on the General Settings page. This setting on the AcuSensor page lets you override the default bridge URL for each website.

  • Make sure that the AcuSensor can connect to the address/port specified.
  • This field is only mandatory for Java and Node.js.

How to download AcuSensor in Acunetix 360
  1. Log in to Acunetix 360.
  2. From the main menu, select Scans > New Scan
  3. From the Scan Settings, select AcuSensor (IAST and SCA).
  4. From the AcuSensor Settings section, select Enable AcuSensor.

  1. From the Installation Files section, select a platform from the Server Platform drop-down, then click Save As. The download starts immediately.

Warning

  • If you change these settings after the download, please re-download your files.
  • If you change your token or Bridge URL after installing the AcuSensor, you must have a clean installation so that the changes take effect.
  • Whitelist the Bridge URL (https://iast.invicti.com), if necessary.

  1. From the Advanced Settings, if required, you can do the following:
  • If you have a token already, select the I have a token I would like to reuse checkbox and enter your token.
  • Enter your Bridge URL and Port only if you want to override the default bridge URL and Port.

Setting a custom bridge service for AcuSensor

You can use the bridge service provided by Invicti (https://iast.invicti.com). OR, you can install Acunetix 360 IAST Bridge to set up a custom bridge service.

Prerequisite:

  • Install the Acunetix 360 Bridge
How to set up a custom bridge service
  1. Press the Windows logo key  
  2. Type Services.
  3. Make sure the Acunetix 360 Bridge is running.

Tips

By default, the Acunetix 360 Bridge runs at the 7880 port.

  1. Log in to Acunetix 360.
  2. From the main menu, select Settings > General.
  3. Go to the IAST Bridge section.
  4. Enter your custom URL to the Default Bridge URL field. (You can enter your custom URL like this: http://52.58.213.161:7880)
  5. Select Save.

Warning

If you change your bridge URL after installing an Acunetix 360 AcuSensor sensor, you must re-install these sensors, so the changes can take effect.

Deploying AcuSensor in your server is explained in related topics:

Information

AcuSensor has only a very minimal impact on resources on the Target machine — less than 1% in lab test results.


 
« Back to the Acunetix Support Page