appsecctf

CTF Answers

Challenge 1:

Answers and Notes:

1. There are several things that can be addressed with this application. CVE-2018-18074 can be addressed by modifying the requirements file to install `requests==2.22.0` rather than the vulnerable version. Also, there are a lot of package imports in the script itself that aren't being used, and they should be removed until they are.

2. Update the version of the Alpine image being used. The application itself doesn't really do anything at this point, so there is no reason not to use the latest version, especially as it fixes CVE-2019-8457 by installing a patched version of SQLite.

3. In the Dockerfile there are a lot of things being installed that aren't being used. This needlessly increases the size of the attack surface. If you remove those packages you also prevent gcc and binutils from being installed, which resolves CVE-2018-12699. If that isn't an acceptable answer, this issue is also resolved by using the newer version of Alpine, or you could install the acl package and lock down the permissions for objdump, which is the vulnerable binary, by blocking its use: `setfacl user:*:rwx- objdump`

As an aside, I don't know if this is within scope, but this image installs all sorts of things that are not being used. If the point is just to build a containerized test application to learn Docker or something to that end, there are better images to use.

Challenge 2:

Answers and Notes:

1. To resolve this challenge I updated the package releases for Spring Framework and jackson-databind to the latest versions, then rescanned.

Challenge 3:

1. Updated the sample to use a parameterized statement rather than a dynamic statement.
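To make the Challenge 3 fix concrete, here is an added example (not the CTF sample or this repository's own code) in Python with the standard-library sqlite3 module: the "before" function builds the statement by concatenating user input into the SQL text, and the "after" function keeps the SQL text fixed and binds the value as a parameter. The `users` table and its rows are constructed for the example.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_dynamic(conn, username):
    """Before: the input becomes part of the statement text, so a quote in
    the input can change the query's structure or break its syntax."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """After: the statement text is constant and the value is bound by the
    driver, so the input is always treated as one string literal."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def compare(username):
    """Run both forms on the same input and return (dynamic, parameterized).

    The dynamic form can raise on inputs containing a quote; that error is
    returned as a string so the two behaviours can be compared side by side.
    """
    conn = make_db()
    try:
        dynamic = lookup_dynamic(conn, username)
    except sqlite3.Error as exc:
        dynamic = f"error: {exc}"
    parameterized = lookup_parameterized(conn, username)
    conn.close()
    return dynamic, parameterized


if __name__ == "__main__":
    for name in ("bob", "o'brien", "x' OR '1'='1"):
        print(repr(name), "->", compare(name))
```

For a plain username both forms return the same row; for a name containing an apostrophe the dynamic form fails with a syntax error while the parameterized form simply finds no match; for input that alters the WHERE clause the dynamic form returns every row while the parameterized form again returns nothing.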

Challenge 4:

1. Uses a Python package that acts as an nmap wrapper to scan hosts and parse certificate info into HTML that can be sent as an email or uploaded to a static web page.
