diff --git a/README.md b/README.md index dc5efed4..fa23e97b 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,11 @@ -# Java Vulnerabilities Experiment +# Java Vulnerabilities Lab -This is a "Vulnerable" Web Application developed by Cyber Security and Privacy Foundation(www.cysecurity.org). This app is intended for the Java Programmers and other people who wish to learn about Web application vulnerabilities and write secure code. +This is a **vulnerable** Web Application developed by [Cyber Security and Privacy Foundation](www.cysecurity.org). +This app is intended for the Java Developers and other people who wish to learn about Web Application vulnerabilities or simply write secure code because they are concerned about security - and **`everyone should!`**. ## Prerequisites: -- [git](https://git-scm.com/downloads) +- [Git](https://git-scm.com/downloads) - with [Docker](https://docs.docker.com/install/), [docker-compose](https://docs.docker.com/compose/install/) and [Vagrant](https://www.vagrantup.com/docs/installation/) - or [JDK8+](https://openjdk.java.net/install/), [Maven](http://maven.apache.org/install.html) and [tomcat 8](https://tomcat.apache.org/tomcat-8.5-doc/setup.html) 
@@ -58,9 +59,9 @@ And the link at next step will require the server hostname or IP address. ## Vulnerabilities Scan -The Open Web Application Security Project (OWASP) team recommends many [tools](https://www.owasp.org/index.php/Appendix_A:_Testing_Tools) to address security matters. -One of the most popular is the OWASP `Zed Attack Proxy` (**ZAP**) tool to scan the vulnerabilities. please refer to [this guideline](docs/owasp-zap.md). -Also, if you need to automate everything in your Continuous Integration and Continuous Delivery (**CI/CD**) toolchain, you can go through this [this guideline](docs/sonarqube.md). +The Open Web Application Security Project (OWASP) team recommends many [tools](https://www.owasp.org/index.php/Appendix_A:_Testing_Tools) to address security matters, allowing to scan the vulnerabilities of Web Applications. +One of the most popular is OWASP `Zed Attack Proxy` (**ZAP**). Please refer to this [guideline](docs/owasp-zap.md) for more details. +Also, if you need to automate everything in your Continuous Integration and Continuous Delivery (**CI/CD**) toolchain, you can go through this [guideline](docs/sonarqube.md). ## Notes @@ -68,7 +69,7 @@ Also, if you need to automate everything in your Continuous Integration and Cont https://www.udemy.com/hacking-securing-java-web-programming/ -**Warning**: It's not recommanded to run this app in `Your Main Machine` or in an `online server`. Prefer using Docker or a VM (vagrant). +**Warning**: It's not recommended to run this app in `Your Main Machine` or in an `online server`. Prefer using Docker or a VM (vagrant). You can also get the VulnerableSpring Project from [here](https://github.com/CSPF-Founder/VulnerableSpring). diff --git a/docs/owasp-zap.md b/docs/owasp-zap.md index e92ee27c..d0fcc04b 100644 --- a/docs/owasp-zap.md +++ b/docs/owasp-zap.md 
@@ -1,7 +1,7 @@ # OWASP Zap Tool The Open Web Application Security Project (OWASP) provides a security tool, called `Zed Attack Proxy` (**ZAP**) to scan the vulnerabilities. -OWASP ZAP is one of the most popular security tools and is actively maintained. It comes with a UI and it allows to launch an automated scan against a URL of a web application - for example [http://localhost:8080](http://localhost:8080). +OWASP ZAP is one of the most popular security tools and is actively maintained. It comes with a UI and it allows to launch an automated scan against a URL of a web application - for example [http://localhost:8080/JavaVulnerableLab](http://localhost:8080/JavaVulnerableLab). ![Alt Text](assets/owasp-zap-2.8.0-screenshot.png) diff --git a/docs/sonarqube.md b/docs/sonarqube.md index 1dc43953..458aea59 100644 --- a/docs/sonarqube.md +++ b/docs/sonarqube.md 
@@ -48,14 +48,25 @@ docker-compose up -d sonarqube Run this command to analyse the codebase : +If SonarQube is running inside a container, on a VM (Vagrant, VPS or Local machine) : + +```sh +docker exec -it javavulnerablelab_javavulnlab_1 mvn sonar:sonar -Dsonar.host.url=http://HOSTNAME_OR_IP_ADDRESS:9000 +``` + +If you are directly on the machine : + ```sh mvn sonar:sonar ``` -It connects to the SonarQube server to retrieve information, such as rules and plugins to apply while scanning the code. +Here, by default it connects to http://localhost:9000. + +It connects to the SonarQube server to retrieve information, such as rules and plugins to apply while scanning the code. +Once the scan is completed, the resulting metrics are sent to the SonarQube server. Then you may see the dashboard [here](http://localhost:9000). ## Quality Metrics -Once this is done, we can see the metrics on SonarQube [Dashboard](http://127.0.0.1:9000/project/issues?id=org.cysecurity%3AJavaVulnerableLab&resolved=false&sonarsourceSecurity=sql-injection&types=SECURITY_HOTSPOT) +Once this is done, we can see the [vulnerabilities](http://127.0.0.1:9000/project/issues?id=org.cysecurity%3AJavaVulnerableLab&resolved=false&sonarsourceSecurity=sql-injection&types=SECURITY_HOTSPOT) metrics on SonarQube. ![Alt Text](assets/Java-SonarQube-OWASP-Vulnerabilities.png) \ No newline at end of file
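Review bot: in the first README hunk the rewritten link `[Cyber Security and Privacy Foundation](www.cysecurity.org)` has no URL scheme, so Markdown renderers treat it as a relative path under the repository and it never reaches the foundation's site; write it as `https://www.cysecurity.org`. In the same hunk, wrapping the closing phrase `everyone should!` in both bold and backticks renders it as a code literal; plain bold is what the sentence wants.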
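Review bot: in the Vulnerabilities Scan hunk of the README, the added clause "allowing to scan the vulnerabilities of Web Applications" is ungrammatical; suggest "to address security matters, including scanners that look for vulnerabilities in web applications." The rest of the hunk is fine and removes the duplicated "this [this guideline]".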
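Review bot: in the docs/sonarqube.md hunk the relabelled link now reads "vulnerabilities", but its URL still carries `types=SECURITY_HOTSPOT&sonarsourceSecurity=sql-injection`, so it lists only SQL-injection Security Hotspots rather than SonarQube's Vulnerability issue type; either drop those two filters or label the link "SQL injection hotspots" so readers do not mistake it for the full vulnerability view. Two smaller points in the same hunk: `docker exec -it javavulnerablelab_javavulnlab_1 mvn sonar:sonar ...` hardcodes a Compose-generated container name that changes with the checkout directory name, so `docker-compose exec <service> mvn sonar:sonar ...` (service name not visible in this diff) would be more robust; and the new sentences "Here, by default it connects to http://localhost:9000." and "Then you may see the dashboard [here](http://localhost:9000)." assume localhost, which does not hold for the container/VM case documented just above where the server is at `HOSTNAME_OR_IP_ADDRESS`. Finally, the README hunk warns against running the app on an online server while this hunk lists a VPS as a host; if a remote SonarQube is intended, the `-Dsonar.host.url=http://...` example ships the analysis report over plain HTTP, so an `https://` URL should be recommended for that case.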