c1-app-sec-moneyx

Sample Java Spring application for Cloud One Application Security demos, build and deployable to kubernetes with Jenkins.

Detailed Description

This is a sample, vulnerable-on-purpose, Java Spring application that can be used to demo Cloud One Application Security.

MoneyX was created by the fine folks over at nVisium.

See: https://github.com/nVisium/MoneyX

Pre-Requisites for Usage

Docker
A Cloud One Application Security account
MOADSD-NG, Jenkins and Kubernetes

Usage Instructions w/ MOADSD-NG

Create the Pipeline within Jenkins
Access the demoapp URL provided by MOADSD-NG

Usage Instructions w/ Docker only

Download and run the container:

docker run --rm -d -p 8080:8080 --name moneyx-app-protect -e TREND_AP_KEY=<KEY> -e TREND_AP_SECRET=<SECRET> howiehowerton/moneyx-app-protect

Access the app on port 8080

Exploit

Follow the instructions in exploits.md to exploit the application. Demonstrate that the exploits work against the vulnerable app.
Switch Cloud One Application Security rules from "Report" to "Mitigate".
Follow the instructions in exploits.md again. Demonstrate that the exploits no longer work.

Name		Name	Last commit message	Last commit date
Latest commit History 20 Commits
Dockerfile		Dockerfile
Jenkinsfile		Jenkinsfile
README.md		README.md
app.yml		app.yml
exploits.md		exploits.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

c1-app-sec-moneyx

Detailed Description

Pre-Requisites for Usage

Usage Instructions w/ MOADSD-NG

Usage Instructions w/ Docker only

Exploit

About

Releases

Packages

Contributors 2

Languages

skallstrom/c1-app-sec-moneyx

Folders and files

Latest commit

History

Repository files navigation

c1-app-sec-moneyx

Detailed Description

Pre-Requisites for Usage

Usage Instructions w/ MOADSD-NG

Usage Instructions w/ Docker only

Exploit

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Contributors 2

Languages

Packages