SUPPORT

24/5 Hotline Support Service

+44 (0)20 3588 3841

Open a Support Ticket

support@netsparker.com

Configuring Netsparker Enterprise for Amazon Web Services

Netsparker Enterprise can be configured to run scanner agents on Amazon Web Services (AWS). When you launch a new scan, Netsparker Enterprise will create a new instance for the target scan and terminate it automatically once the scan is completed.

Once this setup is completed, you can configure Cloud Provider Settings.

AWS Configuration

First, you need to install and configure the scanner agent on an EC2 instance and then create a machine image (AMI) to use it as a base instance.

Each stage of this process is outlined below:

  1. Selecting a Region
  2. Creating S3 Buckets
  3. Creating IAM Users
  4. Creating an AMI for Scanner Agent
  5. Configuring Netsparker Enterprise Web Application

Selecting a Region

Netsparker Enterprise uses AWS S3 for storage needs and EC2 for launching new instances. EC2 and S3 resources need to be in the same AWS region. For that reason, please choose an AWS region and create all resources in that region.

How to Select a Region

For information on how to select a region, see Amazon EMR documentation, Choose an AWS Region.

Creating S3 Buckets

Netsparker Enterprise needs three different buckets to store scan data.

How to Create S3 Buckets

  1. Open the AWS console and navigate to the S3 service.
  2. Create 3 buckets for screenshots, raw scan data and customizations. For example, you can use bucket names like below:
  • exampleinc.nc.scandata (for raw scan data)
  • exampleinc.nc.scanscreenshots (for screenshots)
  • exampleinc.nc.customizations (for customizations)

Creating IAM Users

Go to AWS console and navigate to IAM service.

How to Create an Access Policy for the Web Application

  1. Where?
  2. Click Policies.
  3. Click Create Your Own Policy.
  4. Enter a policy name (e.g. NCWebAppPolicy).
  5. Enter your bucket names to the policy template below (click to view) and paste it into the Policy Document field.

  1. Click Create Policy.

How to Create an Access Policy for the Scanner Agent

  1. Click Policies.
  2. Click Create Your Own Policy.
  3. Enter a policy name for scanner agent (i.e. NCAgentPolicy).
  4. Enter your bucket names to policy template below (click to view) and paste it into the Policy Document field.

  1. Click Create Policy.

How to Create a User for the Web Application

  1. Click Users.
  2. Click Add User.
  3. Enter a user name (i.e. NCWebApp).
  4. Select Programmatic access for Access Type and click Next.

  1. Click Attach existing policies directly.

  1. Select the previously created web app policy.
  2. Click Next to create the web app user.
  3. Save access and security key to use it later.

How to Create a User for Scanner Agent

  1. Click Users.
  2. Click Add User.
  3. Enter a user name (i.e. NCAgent).
  4. Select Programmatic access for Access Type and click Next.

  1. Click Attach existing policies directly.

  1. Select the previously created scanner agent policy.
  2. Click Nextto create the scanner agent user.
  3. Save access and security key to use it later

Creating an AMI for the Scanner Agent

There are three steps to this process:

  1. Launching an Instance for the Scanner Agent
  2. Configuring the Scanner Agent Instance
  3. Creating a Scanner Agent Image

Launching an Instance for the Scanner Agent

First, you need to launch an instance for a Scanner Agent.

How to Launch an Instance for a Scanner Agent

  1. Go to EC2 service
  2. Click Instances on the left navigation menu
  3. Click Launch Instance.
  4. Select Microsoft Windows Server 2012 R2 Base as AMI.

  1. Select an instance type (c4.large recommended).

  1. Click Configure Instance Details.
  2. Set Auto-assign Public IP to Enable. This is needed for RDP connections.

  1. Click Next: Add Storage and set disk size (Min 30 GB recommended).
  2. Click Next: Add Tags.
  3. Click Next: Configure Security Group.
  4. Click Review and Launch.

Configuring the Scanner Agent Instance

Next, you need to install the Netsparker Scanner Agent to the target EX2 instance.

How to Configure a Scanner Agent Instance

  1. Go to EC2 service
  2. Click Instances on the left navigation menu.
  3. Right click to previously launched scanner agent instance and click Connect.

  1. Connect to your instance with the provided RDP information.
  2. Ensure you can connect to your on-premises Netsparker Enterprise Web Application from this instance.
  3. Download “AgentSetup.exe” to your instance.
  4. Run “AgentSetup.exe” and install scanner agent.
  5. Start a command prompt and type: cd “C:\Program Files (x86)\Netsparker Cloud Agent”

  1. By default, scanner agent is not configured run in AWS. Type this command to uninstall scanner agent windows service: Netsparker.Cloud.Agent.exe /u

  1. Open agent’s configuration file with a text editor: C:\Program Files (x86)\Netsparker Cloud Agent \Netsparker.Cloud.Agent.exe.config
  2. Navigate to <netsparker> section and set “agentType” to “Cloud”
  3. Save Netsparker.Cloud.Agent.exe.config file
  4. Type this command to re-install scanner agent windows service: Netsparker.Cloud.Agent.exe /i

Creating a Scanner Agent Image

Next, you need to create an AMI that will be used as a base image for new scans.

How to Create a Scanner Agent Image

  1. Open EC2ConfigService Settings on your agent instance.

  1. Check Enable UserData and click Apply.

  1. Go to Image tab and specify an RDP password. Click Apply.
  2. Click Shutdown with Sysprep.

  1. Open EC2 instances page on AWS console.
  2. Wait for agent instance to be stopped.
  3. Once agent instance is stopped, right click and then click Create Image. Enter a name for your image and click Create Image.

  1. Go to the AMIs page and save your AMI ID to use it later.

Configuring the Netsparker Enterprise Web Application

Next, you need to configure your AWS settings.

How to Configure the Netsparker Enterprise Web Application

  1. Make an RDP connection to your NC web application server
  2. Open the NC web application and navigate to “Settings > Cloud” page
  3. From the main menu, click Settings, then Cloud.
  4. Enter your AWS settings in that page. “Deployment Bucket Name” setting is not required, you can enter a dummy value to it.
  5. You can find instance type, subnet id and key pair name settings on your stopped instance’s details. You need to click on “Security Group” to get the security group id. (i.e. sg-abc3fec2)

  1. You can run new scans on your AWS environment now.

Updating the Web Application

Next, you need to configure your AWS settings.

How to Update the Web Application

  1. From the main menu, click Settings, then License.
  2. Click Check for Updates. Download the latest version.
  3. Run WebAppSetup.exe to update the web application to the latest version.

Updating Scanner Agent

Next, you need to update the Scanner Agent.

How to Update the Scanner Agent

  1. Open AMI page on AWS EC2 console. Right click to your current scanner agent’s AMI and launch an instance.
  2. Once your scanner agent instance is ready, make an RDP connection to it.
  3. Download latest AgentSetup.exe to scanner agent instance.
  4. Once the new scanner agent is installed and create a new AMI of your instance as described in “Create Scanner Agent Image” section in this document.
  5. After you finished creating the new AMI, open the NC web application. From the main manu, click Settings, then Cloud Provider Settings. Enter your new AMI and click save.

Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO