Secure Software Teams Trantor

I gave this talk in one of internal sessions at Trantor. Goal was to acquaint one of our software teams into the world of application security. This was a basic talk, just to familiarize attendees with basic information security concepts. I leveraged this opportunity to propose setting up a Red Team in Trantor.

As practical part of this session, I created a docker based virtual lab with webgoat set up. During the session we went through some of the exercises, rest were left for the attendees as homework. Here’s the docker-compose.yml file that was used in the session.

version: '3'
services:
  webgoat:
    image: webgoat/webgoat-8.0
    environment:
      - WEBWOLF_HOST=webwolf
      - WEBWOLF_PORT=9090
    ports:
      - "8080:8080"
      - "9001:9001"
    volumes:
      - ./docker-volumes/webgoat-home:/home/webgoat/.webgoat
  webwolf:
    image: webgoat/webwolf
    ports:
      - "9090:9090"
    command: --spring.datasource.url=jdbc:hsqldb:hsql://webgoat:9001/webgoat --server.address=0.0.0.0

To start the lab, simply create a directory, save above snippet as docker-compose.yml, and run docker-compose up in it. You will then be able to access webgoat on http://localhost:8080/WebGoat

comments powered by Disqus