CloudGuard AppSec Workshop - Azure | The Video Edition! Now Available
While I hope most of you celebrating Christmas and are having a great time with family and friends, I edited for you the videos from the CloudGuard AppSec workshop!
Do you remember @Shay_Levin and I hosted several workshops a few weeks ago?
So now, in addition to the CloudGuard AppSec Workshop: Step-by-Step Guide you can follow, now you have these videos to follow!
Azure Single Gateway Deployment:
Azure VMSS Gateways Deployment:
Enjoy! And let us know what further content you would like to get 😀
Amazing workshop, can you please share the link where you have downloaded or compile the list for attacks i.e. SQL injection ldap etc. I also wanted to know that you used 2 Public IP's, I do understand that one used for host file to resolve DNS and forward to external load balancer, however I am confused with another you used under the profile for Nginx with port:1234 is because you hosted websites somewhere else? and how traffic is routed ??
With using proxy_pass. That is Appsec is used as a Nginx module and can intercept the requests seen by Nginx reverse proxy.
You can find Shay's manual how to deploy the website with the attacks here: https://community.checkpoint.com/t5/Application-Security/Vulnerable-applications-for-testing-Guide/t...
Regarding your question - yes. the assets that we protected on this workshop were hosted externally, 2 websites on the same server (that's why there are different ports).
AppSec is using NGINX as a base platform, therefore the reverse proxy streamed the traffic to the URL I configured.
sorry for the pain, I have tried the project and juiceshop config that i have used its only for http and not for https I am having issues to find config on github which run juiceshop on https, can you directly point me to exact git repository not the generic main page.
thanks in adavnce.
I didn't find a way to activate https on the JuiceShop , so i have deployed an nginx container that act as a reverse proxy for the juciseshop.