Shay_Levin
Admin

AppSec - Self Paced Hands On Lab
In this lab you will attack a vulnerable web application and then learn how to use CloudGuard AppSec to protect it.

To access the lab, click here.

Duane_Toler
Collaborator

Hello Shay!
I went through the AppSec demo and found a few odd things:
1) With the power meter API asset in "Prevent" mode, and after enforcing the policy, I ran the demo .EXE app on the VM desktop. Yes, it did show "Forbidden (403)" in the response (as expected). The lab document said that the usage graph would continue normally and not reset to zero. However, in the web browser showing the power usage graph, the graph did not continue auto-updating. Instead, the status showed "No communication" and the other values were not updating; they all stayed static. I set the EXE app back to Normal Mode, and the graph resumed normally. The AppSec services were working correctly and blocking the API attack, however.
2) When doing the k8s lab demo, the process failed when running "helm install ..." on the juice chart app:
root@waap-k8s:~# helm install juice juice-chart.tar.gz --set nanoToken="cp-bf0bfc7e-269c-401e-a6d2-fcc237ce880c2a6f7bec-2a24-4d0b-92f7-4727ccf7afb8"
Error: failed to download "juice-chart.tar.gz" (hint: running `helm repo update` may help)
Looks like there is a missing repository, and it cannot be installed via 'helm'.
Let me know if there is something else that needs to be done.
Thanks!

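The "failed to download" message above is what helm 3 prints when a chart argument is neither an existing local path nor a known repo chart. This added shell example (not part of the thread or of Check Point's lab material) models helm's resolution order so the cause is visible: a bare name like juice-chart.tar.gz that is not in the current directory falls through to a repository lookup, which is why the error talks about repos rather than a missing file. The resolution order is my reading of helm 3's chart locator; URL and OCI references are left out of the model.

```shell
#!/usr/bin/env bash
# Added example: model of how helm 3 decides what a chart argument means.
# Order (as I understand helm 3's locator; URL/OCI refs not modelled):
#   1. path exists on disk            -> used as a local chart
#   2. absolute or starts with "."    -> reported as a missing path
#   3. anything else                  -> treated as a repo chart name; with
#      no matching repo helm reports "failed to download ... (hint: ...)"
classify_chart_ref() {
  ref="$1"
  if [ -e "$ref" ]; then
    echo "local"
  else
    case "$ref" in
      /*|.*) echo "path-not-found" ;;
      *)     echo "repo-lookup" ;;
    esac
  fi
}

# Pre-flight check before "helm install": if the argument was clearly meant
# to be a local archive (.tgz/.tar.gz) but is not present, say so explicitly
# instead of letting helm fall through to a misleading repo-lookup error.
preflight_chart() {
  ref="$1"
  case "$ref" in
    *.tgz|*.tar.gz)
      if [ ! -f "$ref" ]; then
        echo "chart archive '$ref' not found in $(pwd); copy it here or pass its full path" >&2
        return 1
      fi
      ;;
  esac
  return 0
}

# Demo with the lab's archive name (constructed scenario: file not in cwd).
classify_chart_ref "juice-chart.tar.gz"
preflight_chart "juice-chart.tar.gz" || true
```

Running the pre-flight check in the lab VM's home directory (where the helm command above was typed) would tell you whether the archive is actually there before helm tries a repo lookup.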