Deploying the AcuSensor agent for JAVA - Docker & WAR File in Acunetix 360
You can use AcuSensor to carry out interactive security testing (IAST) in your web application to confirm more vulnerabilities and further minimize false positives.
For AcuSensor to operate, you need to download an agent and deploy it on your server. Please note that this agent is generated uniquely for each target website for security reasons.
This topic explains how to deploy AcuSensor together with your web application into a Docker container.
The Java AcuSensor requires:
- Deploying aspectjweaver.jar into your web server - provides the integration required for AcuSensor to work with your application
- Deploying the AcuSensor into your web server - this is unique for each website and can be downloaded by using Download Java AcuSensor
- Configuring your web server to use Load Time Weaving (AspectJWeaver)
This document assumes:
Deploying AcuSensor in Java - Docker & WAR File consists of 6 steps:
Before, going into details, you need to run the following command on the Spring Boot Docker deployment: mkdir /root/mywar/
Deploying AspectJWeaver for your container
- Open a terminal
- Run the following commands to download and deploy AspectJWeaver:
- cd /root/mywar/
- wget -c https://repo1.maven.org/maven2/org/aspectj/aspectjweaver/1.9.5/aspectjweaver-1.9.5.jar
- mv aspectjweaver-1.9.5.jar aspectjweaver.jar
- Create a target website in Acunetix 360 for the exact URL of your new web application (for this example: http://<mydockerhostipaddress>:8080/helloworld/)
- Download the AcuSensor for Java for your web application target
- Copy the AcuSensor (AcuSensor.jar) to the docker host into folder /root/mywar/
Preparing Environment Variables for Tomcat to use AcuSensor
- Run the following command on the docker host: nano /root/mywar/setenv.sh
- This will create a new file. Add this line to the setenv.sh file:
JAVA_OPTS="$JAVA_OPTS -javaagent:/usr/local/tomcat/lib/aspectjweaver.jar -Dacusensor.debug.log=ON"
- Exit nano and save the changes to the setenv.sh file.
Preparing your web application for your container
- Build your application called, for example, HelloWorld.war
- Copy the HelloWorld.war file to the docker host folder /root/mywar/
Create Dockerfile for your web application
- Run the following command to create and edit your Dockerfile: nano /root/mywar/Dockerfile
- Edit the contents of your docker file to show the following:
COPY AcuSensor.jar /usr/local/tomcat/lib/acusensor.jar
COPY aspectjweaver.jar /usr/local/tomcat/lib/aspectjweaver.jar
COPY HelloWorld.war /usr/local/tomcat/webapps/helloworld.war
CMD ["catalina.sh", "run"]
The parameter "-Dacusensor.debug.log=ON" is optional, and should ONLY be used for troubleshooting purposes. If this parameter is retained, this will output AcuSensor logging as additional lines in the Tomcat logs starting with "[Acunetix-debug]".
- Save the docker file and exit the nano editor
Build your Docker Image and Start a Container based on the Image
- Run the following commands on the docker host:
- cd /root/mywar/
- docker build -t mywar:test
- docker run --publish:8080:8080 --detach --name mywar mywar:test
Confirm your new web application works by pointing your browser to your docker container:
Now, you are ready to scan your web application with Acunetix 360.