Skip to content

Commit

Permalink
fine-tuning readme and sonar quide
Browse files Browse the repository at this point in the history
  • Loading branch information
newlight77 committed Oct 7, 2019
1 parent ffcaccf commit ece131d
Show file tree
Hide file tree
Showing 4 changed files with 40 additions and 10 deletions.
15 changes: 8 additions & 7 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,10 +1,11 @@
# Java Vulnerabilities Experiment
# Java Vulnerabilities Lab

This is a "Vulnerable" Web Application developed by Cyber Security and Privacy Foundation(www.cysecurity.org). This app is intended for the Java Programmers and other people who wish to learn about Web application vulnerabilities and write secure code.
This is a **vulnerable** Web Application developed by [Cyber Security and Privacy Foundation](www.cysecurity.org).
This app is intended for the Java Developers and other people who wish to learn about Web Application vulnerabilities or simply write secure code because they are concerned about security - and **`everyone should!`**.

## Prerequisites:

- [git](https://git-scm.com/downloads)
- [Git](https://git-scm.com/downloads)
- with [Docker](https://docs.docker.com/install/), [docker-compose](https://docs.docker.com/compose/install/) and [Vagrant](https://www.vagrantup.com/docs/installation/)
- or [JDK8+](https://openjdk.java.net/install/), [Maven](http://maven.apache.org/install.html) and [tomcat 8](https://tomcat.apache.org/tomcat-8.5-doc/setup.html)

Expand Down Expand Up @@ -58,17 +59,17 @@ And the link at next step will require the server hostname or IP address.

## Vulnerabilities Scan

The Open Web Application Security Project (OWASP) team recommends many [tools](https://www.owasp.org/index.php/Appendix_A:_Testing_Tools) to address security matters.
One of the most popular is the OWASP `Zed Attack Proxy` (**ZAP**) tool to scan the vulnerabilities. please refer to [this guideline](docs/owasp-zap.md).
Also, if you need to automate everything in your Continuous Integration and Continuous Delivery (**CI/CD**) toolchain, you can go through this [this guideline](docs/sonarqube.md).
The Open Web Application Security Project (OWASP) team recommends many [tools](https://www.owasp.org/index.php/Appendix_A:_Testing_Tools) to address security matters, allowing to scan the vulnerabilities of Web Applications.
One of the most popular is OWASP `Zed Attack Proxy` (**ZAP**). Please refer to this [guideline](docs/owasp-zap.md) for more details.
Also, if you need to automate everything in your Continuous Integration and Continuous Delivery (**CI/CD**) toolchain, you can go through this [guideline](docs/sonarqube.md).

## Notes

**The full course on Hacking and Securing Web Java Programs is available in**

https://www.udemy.com/hacking-securing-java-web-programming/

**Warning**: It's not recommanded to run this app in `Your Main Machine` or in an `online server`. Prefer using Docker or a VM (vagrant).
**Warning**: It's not recommended to run this app in `Your Main Machine` or in an `online server`. Prefer using Docker or a VM (vagrant).

You can also get the VulnerableSpring Project from [here](https://github.com/CSPF-Founder/VulnerableSpring).

7 changes: 7 additions & 0 deletions Vagrantfile
Original file line number Diff line number Diff line change
Expand Up @@ -34,4 +34,11 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
/usr/local/bin/docker-compose up -d javavulnlab mysql
SHELL

config.vm.provision "sonar", type: "shell", inline: <<-SHELL
cd /vagrant
/usr/local/bin/docker-compose up -d sonarqube
sleep 10
/bin/docker exec vagrant_javavulnlab_1 mvn sonar:sonar -Dsonar.host.url=http://192.168.10.10:9000
SHELL

end
2 changes: 1 addition & 1 deletion docs/owasp-zap.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# OWASP Zap Tool

The Open Web Application Security Project (OWASP) provides a security tool, called `Zed Attack Proxy` (**ZAP**) to scan the vulnerabilities.
OWASP ZAP is one of the most popular security tools and is actively maintained. It comes with a UI and it allows to launch an automated scan against a URL of a web application - for example [http://localhost:8080](http://localhost:8080).
OWASP ZAP is one of the most popular security tools and is actively maintained. It comes with a UI and it allows to launch an automated scan against a URL of a web application - for example [http://localhost:8080/JavaVulnerableLab](http://localhost:8080/JavaVulnerableLab).

![Alt Text](assets/owasp-zap-2.8.0-screenshot.png)

Expand Down
26 changes: 24 additions & 2 deletions docs/sonarqube.md
Original file line number Diff line number Diff line change
Expand Up @@ -48,14 +48,36 @@ docker-compose up -d sonarqube

Run this command to analyse the codebase :

If using Vagrant :

```sh
vagrant ssh
sudo su -
cd /vagrant
docker-compose up -d sonarqube
sleep 5
docker exec vagrant_javavulnlab_1 mvn sonar:sonar -Dsonar.host.url=http://192.168.10.10:9000
```

If SonarQube is running inside a container on a VM :

```sh
docker exec javavulnerablelab_javavulnlab_1 mvn sonar:sonar -Dsonar.host.url=http://HOSTNAME_OR_IP_ADDRESS:9000
```

If you are directly on a machine :

```sh
mvn sonar:sonar
```

It connects to the SonarQube server to retrieve information, such as rules and plugins to apply while scanning the code.
Here, by default it connects to http://localhost:9000.

It connects to the SonarQube server to retrieve information, such as rules and plugins to apply while scanning the code.
Once the scan is completed, the resulting metrics are sent to the SonarQube server. Then you may see the dashboard [here](http://localhost:9000).

## Quality Metrics

Once this is done, we can see the metrics on SonarQube [Dashboard](http://127.0.0.1:9000/project/issues?id=org.cysecurity%3AJavaVulnerableLab&resolved=false&sonarsourceSecurity=sql-injection&types=SECURITY_HOTSPOT)
Once this is done, we can see the [vulnerabilities](http://127.0.0.1:9000/project/issues?id=org.cysecurity%3AJavaVulnerableLab&resolved=false&sonarsourceSecurity=sql-injection&types=SECURITY_HOTSPOT) metrics on SonarQube.

![Alt Text](assets/Java-SonarQube-OWASP-Vulnerabilities.png)

0 comments on commit ece131d

Please sign in to comment.