Deploying AcuSensor for Node.js - AWS Elastic Beanstalk

AcuSensor Network PreRequisites

AcuSensor makes use of the AcuSensor Bridge. Read more information here.

The following article shows you how you can run a Node.js application in AWS Elastic Beanstalk and then use AcuSensor to run an interactive application security testing (IAST) scan for that application.

Create your Target in Acunetix

For this example, we will assume that the URL for your target is http://eb.acunetixexample.com. Create a target with your URL, enable AcuSensor, download the AcuSensor agent file node-acusensor.tar, and save this file for use later on.

Create your application source code bundle

This simple web application will be defined through the following file structure:

~/axexample-nodejs/

~/axexample-nodejs/app.js

~/axexample-nodejs/package.json

~/axexample-nodejs/node-acusensor.tar

  • Create your ~/axexample-nodejs/app.js file to read as follows:

const app = require('express')();

// Elastic Beanstalk supplies the listening port through the PORT environment variable
var port = process.env.PORT || 60000;

// Main page, linking to /page1
app.get('/', function (req, res) {
  res.send(
    '<html><body>' +
    '<h1>Test Node.js Site Example for AWS Elastic Beanstalk</h1>' +
    '<br>' +
    'Hello World! - Main Page' +
    '<br>' +
    '<a href="/page1">Goto Page 1</a>' +
    '</body></html>'
  );
});

// Second page, linking back to the main page
app.get('/page1', function (req, res) {
  res.send(
    '<html><body>' +
    '<h1>Test Node.js Site Example for AWS Elastic Beanstalk</h1>' +
    '<br>' +
    'Hello World! - Page 1' +
    '<br>' +
    '<a href="/">Goto Main Page</a>' +
    '</body></html>'
  );
});

app.listen(port, function(err){
  if (err) console.log(err);
  console.log("Server listening on port: ", port);
});

  • Create your ~/axexample-nodejs/package.json file to read as follows:

{
  "name": "axexample-nodejs",
  "version": "1.0.0",
  "dependencies": {
    "express": "*",
    "node-acusensor": "file:node-acusensor.tar"
  },
  "scripts": {
    "start": "npx node-acusensor.tar app.js"
  }
}

  • Copy the node-acusensor.tar file you created earlier into ~/axexample-nodejs/node-acusensor.tar.
  • Finally, build the source code bundle with:

cd ~/axexample-nodejs
zip -rq axexample-nodejs.zip .

  • Download your acunetix-nodejs.zip file to your desktop and retain your zip file for deployment steps below.
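
Before uploading, the bundle can be checked against the layout and package.json values described above. The following is an added example, not part of the original article or of Acunetix's own tooling; checkBundle and its messages are hypothetical names, and the entry list is assumed to come from a listing such as the output of unzip -Z1 axexample-nodejs.zip.

```javascript
// Added example: pre-upload check for the Elastic Beanstalk source bundle.
// REQUIRED_FILES and the expected package.json values come from the steps above;
// checkBundle() and its messages are hypothetical names used for illustration.
const REQUIRED_FILES = ['app.js', 'package.json', 'node-acusensor.tar'];

// entryNames: archive paths, e.g. the lines printed by `unzip -Z1 axexample-nodejs.zip`.
// packageJsonText: the contents of the bundle's package.json.
// Returns an array of problem strings; an empty array means the bundle matches the page.
function checkBundle(entryNames, packageJsonText) {
  const problems = [];
  const names = entryNames.map((n) => n.replace(/^\.\//, ''));

  for (const file of REQUIRED_FILES) {
    if (names.includes(file)) continue;
    // Zipping the parent directory instead of its contents nests every file one level down.
    const nested = names.find((n) => n.endsWith('/' + file));
    problems.push(nested
      ? `${file} is at ${nested}, not at the archive root`
      : `${file} is missing from the archive`);
  }

  let pkg;
  try {
    pkg = JSON.parse(packageJsonText);
  } catch (err) {
    problems.push('package.json is not valid JSON: ' + err.message);
    return problems;
  }

  // The agent is installed from the local tar file and wraps app.js at start-up.
  if (pkg?.dependencies?.['node-acusensor'] !== 'file:node-acusensor.tar') {
    problems.push('dependencies["node-acusensor"] should be "file:node-acusensor.tar"');
  }
  const start = String(pkg?.scripts?.start ?? '');
  if (!/\bnode-acusensor\b/.test(start) || !/\bapp\.js\b/.test(start)) {
    problems.push('scripts.start does not launch app.js through the AcuSensor agent');
  }
  return problems;
}

// Constructed sample: a bundle zipped from the parent directory, started with plain "node app.js".
const sampleEntries = ['axexample-nodejs/app.js', 'axexample-nodejs/package.json',
  'axexample-nodejs/node-acusensor.tar'];
const samplePackage = JSON.stringify({
  dependencies: { express: '*', 'node-acusensor': 'file:node-acusensor.tar' },
  scripts: { start: 'node app.js' },
});
console.log(checkBundle(sampleEntries, samplePackage));
```

An empty result means the three files sit at the archive root and the start script runs app.js through the agent, which is what the scan relies on to detect AcuSensor.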

Deploy your web application to AWS Elastic Beanstalk

  • From your AWS Dashboard, navigate to Elastic Beanstalk -> Environments
  • Click the Create a new environment button

  • Set your environment tier to Web server environment

  • Click the Select button
  • In the Elastic Beanstalk -> Create environment page:
  • Set the Application name field to the name for your web application; in this example you will use the name axexample-nodejs

  • Set the Platform dropdown to Node.js

  • Enable the Upload your code option and click the Choose file button

  • Select your axexample-nodejs.zip source code bundle for upload and click the Create environment button
  • AWS Elastic Beanstalk will now create your environment; this can take a few minutes
  • When the process is complete you will be sent to your environment's dashboard

  • Take note of your environment's new URL which was created automatically by AWS Elastic Beanstalk:
  • you will need this to create a CNAME to point to this URL
  • in this example, we would create a CNAME for eb.acunetixexample.com to point to axexamplenodejs-env.eba-affkbc2q.us-east-1.elasticbeanstalk.com; here is an example using the Namecheap cPanel interface:

  • Once the CNAME record has been added (giving time for DNS records to propagate), you can see the web application you have created by browsing to your URL (in this example http://eb.acunetixexample.com):

Test and scan your web application

Point your browser to your web application - in this example http://eb.acunetixexample.com - to confirm it is running as intended; you will get the following:

Finally, run a scan on your target; the Activity panel will confirm that AcuSensor was detected and used for the scan.

 
