diff --git a/docs/questions-part3.md b/docs/questions-part3.md new file mode 100644 index 0000000..644a8d7 --- /dev/null +++ b/docs/questions-part3.md @@ -0,0 +1,10 @@ +# Questions + +## Part 3 + +- **Q3.1**: Setup your CI/CD pipeline with an additional SAST solution. I propose that you use `semgrep` for this task. Get your inspiration here: https://semgrep.dev/for/gitlab and https://docs.gitlab.com/ee/user/application_security/sast/ +- **Q3.2**: Describe the found problems (alerts) in the `calculator app` (in the original code, git tag `v3.0`) +- **Q3.3**: Install DAST OWASP ZAP on your host or in a Docker. Play with OWASP ZAP, analyze the calculator code +- **Q3.4**: Implement a DAST solution in your pipeline. Get some inspiration here https://docs.gitlab.com/ee/user/application_security/dast/ . Describe what you have integrated in your pipeline. *Note: you must ensure that your application is running while you are testing!* +- **Q3.5 (optional)**: Normally, the provided code has some bugs, which are discovered by SAST solution. Describe the found bugs (in the original code, git tag `v3.0`) and provide solution to remediate the problems. Indicate which commit/tag contains the corrected code +- **Q3.6 (optional)**: Describe the found bugs (in the original code, git tag `v3.0`) with DAST and provide solution to remediate the problems. Indicate which commit/tag contains the corrected code. Do corrections only in the provided code (no libraries) diff --git a/misc/docker-compose.yml b/misc/docker-compose.yml new file mode 100644 index 0000000..35a26f6 --- /dev/null +++ b/misc/docker-compose.yml @@ -0,0 +1,9 @@ +services: + nginx: + ports: + - "80:80" + container_name: nginx-1.20.0 + image: nginx:1.20.0 + volumes: + - .:/usr/share/nginx/html:ro + diff --git a/misc/index.html b/misc/index.html index e965047..931722e 100644 --- a/misc/index.html +++ b/misc/index.html @@ -1 +1 @@ -Hello +

Hello class, TSM_Cybersec

diff --git a/misc/start_juiceshop.sh b/misc/start_juiceshop.sh new file mode 100755 index 0000000..4aa3d83 --- /dev/null +++ b/misc/start_juiceshop.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +docker run --rm -p 3000:3000 bkimminich/juice-shop +