Deploying AcuSensor for .NET - AWS Elastic Beanstalk

🔍 AcuSensor Network PreRequisites

AcuSensor makes use of the AcuSensor Bridge. Read more information here.

The following article shows you how you can run a dotNET application in AWS Elastic Beanstalk and then use AcuSensor to run an interactive application security testing (IAST) scan for that application.

Create your Target in Acunetix

For this example, we will assume that the URL for your target is http://eb.acunetixexample.com. Create a target with your URL, enable AcuSensor, download the AcuSensor agent file dotnet-acusensor.zip, and save this file for use later on.

Create your web application using Visual Studio

Select the File -> New -> Project menu option

In the Create a new project window, search for web application, select ASP.NET Web Application (.NET Framework), and click the Next button

Set your project name (in this example we are using axexample-dotnet) and click the Create button

In the Create a new ASP.NET Web Application window, select the Empty template, uncheck the Configure for HTTPS option, and click the Create button

Right click on the axexample-dotnet project name and select the Add -> HTML Page menu option

Set the Item name field to index and click the OK button

Edit your index.html file to read as follows:

<!DOCTYPE html>

<html>

<head>

</head>

<body>

<h1>Test dotNET Site Example for AWS Elastic Beanstalk</h1>

<br>

Hello World! - Main Page

<br>

</body>

</html>

Repeat the process to create a page1.html file; edit your page1.html file to read as follows:

<!DOCTYPE html>

<html>

<head>

</head>

<body>

<h1>Test dotNET Site Example for AWS Elastic Beanstalk</h1>

<br>

Hello World! - Page 1

<br>

</body>

</html>

Save your changes to index.html and page1.html files
Right click on the axexample-dotnet project name and select the Publish menu option

In the Publish window, select the Web Server (IIS) target, and click the Next button

Next, select the Web Deploy Package specific target, and click the Next button

Now, set your Package location to C:\axexample-dotnet\axexample-dotnet.zip, set your Site name to axexample-dotnet, and click the Finish button; if necessary, create the C:\axexample-dotnet folder to hold your files

Finally, click the Publish button

Using Windows Explorer, navigate to the C:\axexample-dotnet folder and remove the following files:

axexample-dotnet.deploy.cmd
axexample-dotnet.deploy-readme.txt
axexample-dotnet.SourceManifest.xml

At this stage, the C:\axexample-dotnet folder should contain the following two files:

axexample-dotnet.zip
axexample-dotnet.SetParameters.xml

Complete your application source code bundle

This simple web application will be defined through the following file structure:

C:\axexample-dotnet\.ebextensions

C:\axexample-dotnet\.ebextensions\acesensor.config

C:\axexample-dotnet\aws-windows-deployment-manifest.json

C:\axexample-dotnet\axexample-dotnet.SetParameters.xml

C:\axexample-dotnet\axexample-dotnet.zip

C:\axexample-dotnet\dotnet-acusensor.zip

Create your C:\axexample-dotnet\.ebextensions folder
Create your C:\axexample-dotnet\.ebextensions\acusensor.config file to read as follows:

files:

"C:\\Program Files\\Amazon\\ElasticBeanstalk\\hooks\\appdeploy\\post\\90create_folder.bat":

content: mkdir C:\acusensor

"C:\\Program Files\\Amazon\\ElasticBeanstalk\\hooks\\appdeploy\\post\\91extract_acusensor.bat":

content: powershell Expand-Archive -force C:\staging-previous\dotnet-acusensor.zip -DestinationPath C:\acusensor

"C:\\Program Files\\Amazon\\ElasticBeanstalk\\hooks\\appdeploy\\post\\92inject_acusensor.bat":

content: "C:\acusensor\.NET Framework\injector.exe" -m inject -t http://localhost:80/

Create your C:\axexample-dotnet\aws-windows-deployment-manifest.json file to read as follows:

{

"manifestVersion": 1,

"deployments": {

"msDeploy": [

{

"name": "axexample-dotnet",

"parameters": {

"appBundle": "axexample-dotnet.zip",

"iisPath": "/"

}

]

}

Copy the dotnet-acusensor.zip file you created earlier into C:\axexample-dotnet\dotnet-acusensor.zip
Finally, build the source code bundle from the command line with:

powershell Compress-Archive -Path C:\axexample-dotnet\* -DestinationPath %USERPROFILE%\Desktop\axexample-dotnet-aws.zip

Retain your zip file for deployment steps below

Deploy your web application to AWS Elastic Beanstalk

From your AWS Dashboard, navigate to Elastic Beanstalk -> Environments
Click the Create a new environment button

Set your environment tier to Web server environment

Click the Select button
In the Elastic Beanstalk -> Create environment page:

Set the Application name field to the name for your web application; in this example you will use the name axexample-dotnet

Set the Platform dropdown to .NET on Windows Server

Enable the Upload your code option and click the Choose file button

Select your axexample-dotnet.zip source code bundle for upload and click the Create environment button

AWS Elastic Beanstalk will now create your environment; this can take a few minutes
When the process is complete you will be sent to your environment's dashboard

Take note of your environment's new URL which was created automatically by AWS Elastic Beanstalk:

you will need this to create a CNAME to point to this URL
in this example, we would create a CNAME for eb.acunetixexample.com to point to axexampledotnet-env.eba-phzhexiv.us-east-1.elasticbeanstalk.com; here is an example using the Namecheap cPanel interface:

Once the CNAME record has been added (giving time for DNS records to propagate), you can see the web application you have created by browsing to your URL (in this example http://eb.acunetixexample.com):

Test and scan your web application

Point your browser to your web application - in this example http://eb.acunetixexample.com - to confirm it is running as intended; you will get the following:

Finally, run a scan on your target; the Activity panel will confirm that AcuSensor was detected and used for the scan.

« Back to the Acunetix Support Page