Deploying the AcuSensor agent for .NET Core

AcuSensor enables you to carry out interactive security testing (IAST) in your web application in order to confirm more vulnerabilities and further minimize false positives.  

For AcuSensor to operate, you need to download an agent and deploy it on your server. Please note that this agent is generated uniquely for each target website for security reasons.

This topic explains how to download and copy the AcuSensor files to your hard disk and install the AcuSensor to your web application.

There are 4 steps to deploy the AcuSensor agent for .NET Core.

Step 1. Downloading the AcuSensor agent

You can find the required instructions to download the AcuSensor agent in Deploying AcuSensor in Acunetix 360 On-Demand.

Information

AcuSensor supports .NET versions from 3.1 to 5.0.

Step 2. Preparing the .NET Core AcuSensor

  1. Create a folder to host the AcuSensor files. (For this example, we will assume the folder is C:\acusensor)
  2. Right-click on the downloaded AcuSensor ZIP file.
  3. Select Extract All… 
  4. Choose a destination folder and select Extract.
  5. Navigate to the destination folder and enter the .NET Core subfolder.
  6. Select all the items inside the subfolder, right-click on them, and select Copy.

  1. Navigate to the C:\acusensor folder, right-click in the window, and select Paste.

Step 3. Deploying into a Kestrel .NET Core website

  1. Navigate to your web application root folder.
  2. Create a new sitelauncher.bat file inside your web application root folder with the following contents:

SET CORECLR_ENABLE_PROFILING=1

SET CORECLR_PROFILER={7EF83539-BAB0-44D1-8E8C-48E6EC9938FA}

SET CORECLR_PROFILER_PATH=C:/acusensor/SensorProfiler.dll

SET SENSOR_SETTINGS_PATH=C:/acusensor/settings.ini

axexample-dotnetcore.exe --urls http://0.0.0.0:80

The said content assumes that the executable file for your web application is axexample-dotnetcore.exe.

  1. From the command line, navigate to your web application root folder and launch your web application

Step 4. Deploying into an IIS .NET Core website

  1. Navigate to your web application root folder.
  2. Edit your web.config file to add environment variables for using AcuSensor:

<?xml version="1.0" encoding="utf-8"?>

<configuration>

  <location path="." inheritInChildApplications="false">

    <system.webServer>

      <handlers>

        <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />

      </handlers>

      <aspNetCore processPath="dotnet" arguments=".\axexample-dotnetcore.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess">

        <environmentVariables>

          <environmentVariable name="CORECLR_PROFILER_PATH" value="C:/acusensor/SensorProfiler.dll" />

          <environmentVariable name="CORECLR_ENABLE_PROFILING" value="1" />

          <environmentVariable name="CORECLR_PROFILER" value="{7EF83539-BAB0-44D1-8E8C-48E6EC9938FA}" />

          <environmentVariable name="SENSOR_INCLUDE_EXE" value="iisexpress.exe;w3wp.exe" />

          <environmentVariable name="SENSOR_SETTINGS_PATH" value="C:/acusensor/settings.ini" />

        </environmentVariables>

      </aspNetCore>

    </system.webServer>

  </location>

</configuration>

<!--ProjectGuid: 16505b2e-7499-4c97-a9ff-d18e39913ad5-->

  1. Restart your web application from the IIS Manager.


 
« Back to the Acunetix Support Page