To clone the repository locally, use the following command:
git clone https://github.com/PacktPublishing/Software-Security-Testing.git
If you do not have Git installed, refer to the Git installation pages.
All labs in this repository are run using Docker containers and can be pulled from DockerHub. To download Docker, refer to the Docker documentation pages. Installing docker-compose is also recommended.
The easiest way to get started is using docker-compose. First, change directory to the cloned repository:
cd Software-Security-Testing/
Then run the following command:
docker-compose up -d
After this step, all labs will be up and ready to use.
To stop the labs, use the following command:
docker-compose down
Docker-compose pulls and builds all labs from DockerHub at once. The labs can be set up individually either by pulling them from DockerHub or by building them locally using the Dockerfiles provided in the GitHub repository.
Labs can be pulled from DockerHub individually as shown below:
docker pull cyberacademylabs/common_web_attacks
docker pull cyberacademylabs/session_puzzling
docker pull cyberacademylabs/oracle_padding
docker pull cyberacademylabs/ldap_injection
docker pull cyberacademylabs/cors_attack
docker pull cyberacademylabs/url_redirect
After these steps, the Docker images will be pulled locally but the labs will not be active yet. Refer to the 'Starting the Docker containers' section to start the labs.
To build the labs from the Dockerfiles provided, use the following commands:
docker build -t cyberacademylabs/common_web_attacks Common\ Web\ Vulnerabilities\ Lab/Common_attacks/
docker build -t cyberacademylabs/session_puzzling Session\ Puzzling\ Lab/SessionPuzzle/
docker build -t cyberacademylabs/ldap_injection LDAP\ Injection\ Lab/Ldap-injection/
docker build -t cyberacademylabs/cors_attack Cross\ Origin\ Resource\ Sharing\ Lab/CORS/
docker build -t cyberacademylabs/url_redirect URL\ Redirect\ Lab/Url-redirection/
Starting the Docker containers
To start the labs, use the following commands:
docker run --name common_web_attacks --hostname common_attacks -p 80:80 cyberacademylabs/common_web_attacks
docker run --name session_puzzling --hostname session_puzzle -p 5000:5000 cyberacademylabs/session_puzzling
docker run --name oracle_padding --hostname oracle_padding -p 5001:5001 cyberacademylabs/oracle_padding
docker run --name ldap_injection --hostname ldap_injection -p 5002:5002 cyberacademylabs/ldap_injection
docker run --name cors_attack --hostname cors_attack -p 5003:5003 cyberacademylabs/cors_attack
docker run --name url_redirect --hostname redirect -p 5004:5004 cyberacademylabs/url_redirect
To stop and remove a running container, use the following commands:
docker stop container_name
docker rm container_name
These labs were built to demonstrate security issues. Please make sure to stop the labs once you have completed the course exercises.
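Because the `-p 80:80` style of port mapping used above publishes each lab on every host interface, the following check (an added example, not part of the repository) lists lab containers that are reachable beyond loopback. It assumes the containers carry the `--name` values from the `docker run` commands above; the `exposed_labs` and `sample_ps` helpers and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag lab containers whose ports are published on a
# non-loopback address. Names are the --name values used on this page.
LABS="common_web_attacks session_puzzling oracle_padding ldap_injection cors_attack url_redirect"

# Reads "<name>|<ports>" lines on stdin, i.e. the output of
#   docker ps --format '{{.Names}}|{{.Ports}}'
# and prints "<name> <host-address:port>" for each exposed lab binding.
exposed_labs() {
    while IFS='|' read -r name ports; do
        # Ignore containers that are not one of the labs.
        case " $LABS " in *" $name "*) ;; *) continue ;; esac
        # The ports field is comma-separated, one binding per address family.
        printf '%s\n' "$ports" | tr ',' '\n' | while read -r binding; do
            case "$binding" in
                *'->'*) host=${binding%%->*} ;;
                *) continue ;;      # exposed in the image but not published
            esac
            case "$host" in
                127.*|'[::1]':*|::1:*) ;;   # loopback only: not reachable remotely
                *) printf '%s %s\n' "$name" "$host" ;;
            esac
        done
    done
}

# Constructed sample input (not captured from a real host).
sample_ps() {
    printf '%s\n' 'common_web_attacks|0.0.0.0:80->80/tcp, :::80->80/tcp'
    printf '%s\n' 'session_puzzling|127.0.0.1:5000->5000/tcp'
    printf '%s\n' 'unrelated_db|0.0.0.0:5432->5432/tcp'
}

# Demo on the sample; on a real host run:
#   docker ps --format '{{.Names}}|{{.Ports}}' | exposed_labs
# To keep a lab local, publish on loopback, e.g. -p 127.0.0.1:5000:5000
sample_ps | exposed_labs
```

An empty result on a live host means no lab container is published outside loopback.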