Deploying AcuSensor for JAVA - Windows/Linux (JBOSS 7.4 Standalone + WAR File)

The following article explains how you can run a Java application in JBOSS and then use AcuSensor to run an interactive application security testing (IAST) scan for that application.

Step 1: Prepare AcuSensor for Java

In this example, the test application is deployed to the following URL: (in a production environment, you will need to change this to the hostname you will use for your deployment).

  • Create a new target for your URL.
  • Download AcuSensor for Java from the Acunetix UI and retain the AcuSensor.jar file for the next step (AcuSensor.jar saved to C:\acusensor\ in our example). Change the paths accordingly if you are using the JAVA IAST Sensor on Linux.

Step 2: Deploy AcuSensor and required components


  • Edit the contents of the %JBOSS_HOME%\bin\standalone.conf.bat file and add the following to the bottom of the file:

rem *** Acusensor settings

set "JAVA_OPTS=%JAVA_OPTS% -Dacusensor.debug.log=ON"

set "MODULE_OPTS=-javaagent:C:\acusensor\AcuSensor.jar


  • Edit the contents of the %JBOSS_HOME%/bin/standalone.conf file and add the following to the bottom of the file:

# *** Acusensor settings

JAVA_OPTS="$JAVA_OPTS -Dacusensor.debug.log=ON"


Step 3: Deploy your application and start your JBOSS server

  • Ensure that your web application is deployed.
  • From the command line, navigate to your %JBOSS_HOME%\bin folder, and launch JBOSS.

Step 4: Test and scan your web application

  • Point your browser to your web application to confirm it is running as intended.
  • Run a scan on your target. The Activity panel will confirm that AcuSensor was detected and used for the scan.


« Back to the Acunetix Support Page