Feature/lab11 #11
Open
ellilin wants to merge 13 commits into
Complete triage report for OWASP Juice Shop deployment including:
- Scope & Asset information (v19.0.0)
- Environment details (macOS, Docker 28.3.3)
- Deployment verification with health checks
- Surface snapshot analysis
- Top 3 security risks identified
- PR template setup documentation
- GitHub community engagement section

- Generate SBOMs with Syft and Trivy for OWASP Juice Shop v19.0.0
- Perform SCA with Grype and Trivy vulnerability scanning
- Compare toolchain capabilities: accuracy, coverage, features
- Analyze 1139 packages, 146 vulnerabilities, 32 license types
- Document critical vulnerabilities and remediation strategies

Co-Authored-By: Claude (glm-5) <noreply@anthropic.com>

- SAST analysis with Semgrep (25 code-level findings)
- DAST analysis with ZAP, Nuclei, SQLmap
- Authenticated vs unauthenticated scan comparison
- Tool comparison matrix and recommendations
- SAST/DAST correlation analysis

…lysis
- Scanned Terraform with tfsec, Checkov, and Terrascan (45, 78, 22 findings)
- Scanned Pulumi with KICS (6 findings: 1 CRITICAL, 2 HIGH, 1 MEDIUM)
- Scanned Ansible with KICS (10 findings: 9 HIGH, 1 LOW)
- Created comprehensive tool comparison matrix
- Identified 161 total security vulnerabilities across all frameworks
- Documented top 5 critical findings with remediation code examples
- Provided CI/CD integration strategy with quality gates
Goal
Complete Lab 11 by placing OWASP Juice Shop behind an Nginx reverse proxy and hardening the deployment with HTTPS, security headers, rate limiting, and timeout controls, with all required evidence captured in the repository.
Changes
- `labs/submission11.md` with the full Lab 11 report and analysis
- `labs/lab11/analysis/` for redirect behavior, headers, TLS scan results, and rate limiting
- `.gitignore` files for `labs/lab11/logs/` and `labs/lab11/reverse-proxy/certs/` to avoid committing runtime logs and private key material

Testing

- `labs/lab11` Docker Compose stack and verified HTTP redirects to HTTPS with `HTTP 308`
- `http://localhost:8080` and `https://localhost:8443`, including HSTS only on HTTPS
- `testssl.sh` against the HTTPS endpoint and performed a login burst test that produced `401` and `429` responses, with matching access-log evidence

Artifacts & Screenshots

- `labs/submission11.md`
- `labs/lab11/analysis/compose-ps.txt`
- `labs/lab11/analysis/http-redirect.txt`
- `labs/lab11/analysis/headers-http.txt`, `labs/lab11/analysis/headers-https.txt`
- `labs/lab11/analysis/testssl.txt`, `labs/lab11/analysis/testssl-summary.txt`
- `labs/lab11/analysis/rate-limit-test.txt`, `labs/lab11/analysis/access-log-rate-limit.txt`

Checklist

`feat:`, `fix:`, `docs:`)
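As an added illustration (not the PR's or the lab repository's own configuration), the following Nginx config produces the behaviour the Testing section checks: a method-preserving 308 redirect from HTTP to HTTPS, HSTS sent only on the TLS listener, security headers, a rate limit on the login route that answers 429, and timeout controls. The upstream name `juice-shop:3000`, the certificate paths, the Juice Shop login path `/rest/user/login`, and the limit values are assumptions; the 8080/8443 host ports come from the PR.

```nginx
# Added example: Nginx reverse proxy in front of OWASP Juice Shop.
# Assumptions: app container reachable as juice-shop:3000 on the Compose
# network, certs under /etc/nginx/certs/, host ports 8080->80 and 8443->443.

# Rate-limit zone keyed on client address: 5 req/s, 10 MB of counters.
limit_req_zone $binary_remote_addr zone=login:10m rate=5r/s;
# Answer 429 (not the default 503) when a client exceeds the limit.
limit_req_status 429;

server {
    listen 80;
    server_name localhost;
    # 308 keeps the request method, so a POST is not downgraded to GET
    # the way 301/302 redirects allow. $host has no port, so add 8443.
    return 308 https://$host:8443$request_uri;
}

server {
    listen 443 ssl;
    server_name localhost;

    ssl_certificate     /etc/nginx/certs/server.crt;
    ssl_certificate_key /etc/nginx/certs/server.key;
    ssl_protocols TLSv1.2 TLSv1.3;

    # HSTS belongs only in the TLS block: browsers ignore it over plain HTTP.
    # "always" also sends the headers on 4xx/5xx responses such as the 429.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-Content-Type-Options nosniff always;
    add_header X-Frame-Options DENY always;
    add_header Referrer-Policy no-referrer always;

    # Timeout controls: slow clients and a hung upstream are cut off.
    client_body_timeout 10s;
    client_header_timeout 10s;
    proxy_connect_timeout 5s;
    proxy_read_timeout 30s;

    location = /rest/user/login {
        # Allow a burst of 10 immediately, then 429 until the rate recovers.
        limit_req zone=login burst=10 nodelay;
        proxy_pass http://juice-shop:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }

    location / {
        proxy_pass http://juice-shop:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

One check worth keeping in mind when reviewing such a config: an `add_header` inside a `location` block replaces all server-level `add_header` lines for that location, so putting any header in the login location would silently drop HSTS there.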