AppSec - Self Paced Hands On Lab
In this LAB you will attack a vulnerable web application and then you will learn how to use CloudGuard AppSec to protect it.
To access the lab click here
Hello Shay!
I went through the AppSec demo and found a few odd things:
1) With the power meter API asset in "Prevent" mode, and after enforcing the policy, I ran the demo .EXE app on the VM desktop. Yes, it did show "Forbidden (403)" in the response (as expected). The lab document said that the usage graph would continue normally, and not reset to zero. However, in the web browser showing the power usage graph, the graph did not continue auto-updating. Instead, the status showed "No communication" and the other values were not updating; they all stayed static. I set the EXE app back to Normal Mode, and the graph resumed normally. The AppSec services were working correctly, and blocking the API attack, however.
2) When doing the k8s lab demo, the process failed when running "helm install ..." on the juice chart app:
root@waap-k8s:~# helm install juice juice-chart.tar.gz --set nanoToken="cp-bf0bfc7e-269c-401e-a6d2-fcc237ce880c2a6f7bec-2a24-4d0b-92f7-4727ccf7afb8"
Error: failed to download "juice-chart.tar.gz" (hint: running `helm repo update` may help)
Looks like there is a missing repository, and it cannot be installed via 'helm'.
Let me know if there is something else that needs to be done.
Thanks!