prepare repo

OWASP · Jan 17, 2020 · de115b6 · de115b6
1 parent cfa4fb5
commit de115b6
Show file tree

Hide file tree

Showing 6 changed files with 27 additions and 32 deletions.
diff --git a/README.md b/README.md
@@ -1,7 +1,7 @@
 
 # ![alt DVSA](https://i.imgur.com/Z4L7MqL.png)
 
-## a Damn Vulnerable Serverless Application 
+## a Damn Vulnerable Serverless Application
 
 - - -
 Damn Vulnerable Serverless Application (DVSA) is a deliberately vulnerable application aiming to be an aid for security professionals to test their skills and tools in a legal environment, help developers better understand the processes of securing serverless applications and to aid both students & teachers to learn about serverless application security in a controlled class room environment.
@@ -13,7 +13,7 @@ Please note, there are **both documented and undocumented vulnerabilities** with
 
 
 
-- - - 
+- - -
 ## Disclaimer
 
 ***Do not install DVSA on a production account***
@@ -58,35 +58,35 @@ If you get a "command not found" error, see the "Steps to Take after Installatio
 - `npm i`
 
 ##### Deploy Backend
-- `sls deploy` 
+- `sls deploy`
 
 ##### Build Client
-- `npm run-script client:build` 
+- `npm run-script client:build`
 
 ##### Deploy Client
-- `sls client deploy` 
+- `sls client deploy`
 
 - - -
 ## Running locally
 
 #### Run Client
-- `npm run-script client:start` 
+- `npm run-script client:start`
 
 **_Note_**: This will only work if you previously deployed the backend. If this fails, confirm you still have a `be-stack.json` file at the root of this project.
 
 #### Run Backend
-- `npm start` 
+- `npm start`
 
 If you want to point your local client to your local backend, edit your `be-stack.json` and set `ServiceEndpoint` to `http://localhost:3000`. Note that you will still be using the Cognito pools in AWS.
 
-- - - 
+- - -
 ## Email subscription
 
 DVSA sends receipts in the email (which will help you in hacking it). You can use the built-in **Inbox** page within the application to get the emails and obtain the receipts.
 
 **_Note_**: each user will be assigned an email from `mailsac.com` which will be automatically verified. Real emails will be sent to their account and will appear in the application Inbox page. All this is **transparent** to the user and the deployer).
 
-**_Note_**: to make the email verification script work your default AWS region has to be "US East (N. Virginia)", for example by setting `region = us-east-1` in your ~/.aws/config file 
+**_Note_**: to make the email verification script work your default AWS region has to be "US East (N. Virginia)", for example by setting `region = us-east-1` in your ~/.aws/config file
 
 **Alternatively**, if you want users to receive emails to their registered email account (e.g. gmail), use one of the followings:
 
@@ -97,7 +97,7 @@ DVSA sends receipts in the email (which will help you in hacking it). You can us
 - [Request a sending limit increase](https://console.aws.amazon.com/support/v1#/case/create?issueType=service-limit-increase&limitType=service-code-ses). This will allow your entire cloud account to send emails to any address.
 
 
-- - - 
+- - -
 ## Presentation
 [Download](OWASP_DC_SLS_Top10.pdf)
 
@@ -112,7 +112,7 @@ see [LESSONS](AWS/LESSONS/README.md) for information about hacking DVSA.
 see [VIDEOS](AWS/VIDEOS) for how to deploy, use and hack DVSA.
 
 
-- - - 
+- - -
 ## Links
 [OWASP Top 10 - Serverless Interpretation](https://github.com/OWASP/Serverless-Top-10-Project/blob/master/README.md)
 

diff --git a/backend/serverless/scripts/dist_s3/bundle.js b/backend/serverless/scripts/dist_s3/bundle.js
diff --git a/backend/serverless/scripts/onstart.py b/backend/serverless/scripts/onstart.py
@@ -14,8 +14,7 @@ def main():
     print("#          WARNING! Do NOT install DVSA on a production account            #")
     print("#                                                                          #")
     print("#     You are deploying DVSA: a Damn vulnerable Serverless Application     #")
-    print("#   This project was developed by Tal Melamed (@4ppsec) and was donated    #")
-    print("#    to OWASP by Protego Labs (protego.io), acquired by checkpoint.com     #")
+    print("#            This project was developed by Tal Melamed (@4ppsec)           #")
     print("#      Please read all the necessary information on the project page:      #")
     print("#  https://github.com/owasp/dvsa | online version: http://serverless.fail  #")
     print("#                                                                          #")

diff --git a/backend/src/functions/order-api/package.json b/backend/src/functions/order-api/package.json
@@ -7,9 +7,6 @@
     "node-jose": "^0.3.0",
     "node-serialize": "^0.0.4"
   },
-  "devDependencies": {
-    "serverless-plugin-protego-fsp": "https://artifactory.app.protego.io/protego-serverless-plugin.tgz"
-  },
   "scripts": {
     "test": "echo \"Error: no test specified\" && exit 1"
   },

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "dvsa",
-  "version": "1.0.0",
+  "version": "1.2.2",
   "description": "DVSA - Damn Vulneravle SERVERLESSS Application",
   "main": "index.js",
   "scripts": {
@@ -13,20 +13,19 @@
   },
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/protegolabs/DVSA.git"
+    "url": "git+https://github.com/owasp/DVSA.git"
   },
   "keywords": [
     "DVSA",
     "serverless",
-    "vulnerable",
-    "spa"
+    "vulnerable"
   ],
-  "author": "Protego Labs",
+  "author": "Tal Melamed",
   "license": "GPL-3.0",
   "bugs": {
-    "url": "https://github.com/protegolabs/DVSA/issues"
+    "url": "https://github.com/owasp/DVSA/issues"
   },
-  "homepage": "https://github.com/protegolabs/DVSA#readme",
+  "homepage": "https://github.com/owasp/DVSA#readme",
   "devDependencies": {
     "serverless-finch": "2.3.2",
     "serverless-scriptable-plugin": "^0.8.0",

diff --git a/template.yml b/template.yml
@@ -1,18 +1,18 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
-Description: 'Protego Serverless Security Workshop'
+Description: 'DVSA Repo Template'
 
 Metadata:
   AWS::ServerlessRepo::Application:
-    Name: Protego-Workshop
-    Description: 'Protego Serverless Security Workshop'
-    Author: Protego Labs
+    Name: DVSA
+    Description: Damn Vulnerable Serverless Application (DVSA)'
+    Author: 'Tal Melamed'
     LicenseUrl: LICENSE
     ReadmeUrl: README.md
-    Labels: ['serverless', 'security', 'protego']
-    HomePageUrl: https://www.protego.io
-    SemanticVersion: 1.2.0
-    SourceCodeUrl: https://github.com/protegolabs/DVSA
+    Labels: ['serverless', 'security']
+    HomePageUrl: https://owasp.org/www-project-dvsa/
+    SemanticVersion: 1.2.2
+    SourceCodeUrl: https://github.com/owasp/DVSA
 
 Globals:
   Api: