This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Shay_Levin
Admin
Admin
‎2021-09-12 05:03 AM

AppSec - Self Paced Hands On Lab

 

In this LAB you will attack a vulnerable web application and then you would learn how to use CloudGuard AppSec to protect it.

To access the lab click here

1 Reply
Duane_Toler
Advisor
‎2021-10-06 07:39 AM

Hello Shay!

 

I went through the AppSec demo and found a few odd things:

 

1)  With the power meter API asset in "Prevent" mode, and after enforcing the policy, I run the demo .EXE app on the VM desktop.  Yes, it did show "Forbidden (403)" in the response (as expected).  The lab document said that the usage graph would continue normally, and not reset to Zero.  However, in the web browser showing the power usage graph, the graph did not continue auto-updating.   Instead, the status showed "No communication" and the other values were not updating; they all stayed static.  I set the EXE app back to Normal Mode, and the graph resumed normally.  The AppSec services were working correctly, and blocking the API attack, however. 

 

2) When doing the k8s lab demo, the process failed when running "helm install ..." on the juice chart app:

 

root@waap-k8s:~# helm install juice juice-chart.tar.gz --set nanoToken="cp-bf0bfc7e-269c-401e-a6d2-fcc237ce880c2a6f7bec-2a24-4d0b-92f7-4727ccf7afb8"
Error: failed to download "juice-chart.tar.gz" (hint: running `helm repo update` may help)

 

Looks like there is a missing repository, and it cannot be installed via 'helm'.

 

Let me know if there is something else that needs to be done.

 

Thanks!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events