Skip to content

sonatype-nexus-community/codetocloud-workshop

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
.devcontainer
.devcontainer
 
 
.github
.github
 
 
.mvn/wrapper
.mvn/wrapper
 
 
config
config
 
 
docs
docs
 
 
robot
robot
 
 
src
src
 
 
.dockerignore
.dockerignore
 
 
.editorconfig
.editorconfig
 
 
.gitignore
.gitignore
 
 
COPYRIGHT.txt
COPYRIGHT.txt
 
 
CREATE_RELEASE.md
CREATE_RELEASE.md
 
 
Dockerfile
Dockerfile
 
 
Dockerfile_desktop
Dockerfile_desktop
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
README_I18N.md
README_I18N.md
 
 
RELEASE_NOTES.md
RELEASE_NOTES.md
 
 
SECURITY.md
SECURITY.md
 
 
mvn-debug
mvn-debug
 
 
mvnw
mvnw
 
 
mvnw.cmd
mvnw.cmd
 
 
pom.xml
pom.xml
 
 

Repository files navigation

codetocloud-workshop

The application used in this workshop repository is from WebGoat, an intentionally vulnerable project maintained by OWASP.

Setup

Open GitHub Codespaces (<> Code -> Codespaces tab -> Create codespace on main)

mvn clean install

./mvnw spring-boot:run

Once the application is running, go to the "Ports" tab and forward port 8080, and set the visibility to "Public".

You can then open the Local Address in a browser as <localAddress>/WebGoat

Local setup

If you would like to build the code locally follow the setup instructions from WebGoat.

Some tips to get you started

We'll be doing more reading of code then writing in this workshop so even if you aren't totally familiar with Java or the Spring framework you can participate.

Here's what you need to know: Spring provides inversion of control (ioc) to Java applications meaning the framework decides the program flow of the application and defines when objects are created and destroyed. This allows developers to spend more time focused on developing business logic. It's a complex system but a couple of key things to know are:

  • the Spring container is responsible for managing the beans
  • What is a bean you ask? A bean is an instance of a class. You will often see these indicated by annotations like @Component and @Bean throughout the codebase

File structure: src/main/java/org/owasp/webgoat container/ - start looking here for security flaws

    lessons/ - include success criteria for each lesson
    server/ - some startup classes, StartWebGoat:main is the application entrypoint
    webwolf/ - a sibling application to Webgoat that simulates an attacker

pom.xml - Maven configuration file that also defines third party dependencies used in Webgoat

The Fine Print

It is worth noting that this is NOT SUPPORTED by Sonatype, and is a contribution of ours to the open source community (read: you!)

Remember:

  • Use this contribution at the risk tolerance that you have
  • Do NOT file Sonatype support tickets related to codetocloud-workshop support in regard to this project
  • DO file issues here on GitHub, so that the community can pitch in

Phew, that was easier than I thought. Last but not least of all:

Have fun creating and using codetocloud-workshop, we are glad to have you here!

About

No description, website, or topics provided.

Resources

Readme

License

View license

Security policy

Security policy
Activity
Custom properties

Stars

1 star

Watchers

8 watching

Forks

8 forks
Report repository

Releases

1 tags

Sponsor this project

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages