Skip to content

naefhe/devsecops-example-heroku

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
.circleci
.circleci
 
 
vulnerable
vulnerable
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Procfile
Procfile
 
 
README.md
README.md
 
 
manage.py
manage.py
 
 
requirements.txt
requirements.txt
 
 
sftp-config.json
sftp-config.json
 
 

Repository files navigation

DevSecOps Example Heroku

This repository shows exemplary how to set up a DevSecOps build chain which detects vulnerabilities in an application upon a commit / deployment.

DO NOT DEPLOY THE APPLICATION IN THIS REPOSITORY IF YOU DO NOT EXACTLY KNOW WHAT YOU ARE DOING

The enclosed application contains:

  • Only an index page with a reflected XSS vulnerability
  • A framework which contains vulnerabilities

Vulnerable Application

This is a simple web application written with Django. It implements a single view which will return everything the user inputs. The templating engine disables the automatic XSS protection feature which sanitizes the input. In addition, the XSSDisableMiddleware disables the XSS protection feature implemented in modern web browser.

Deployment

This application contains a build file for circleci to deploy the vulnerable application to Heroku. There are build jobs defined to do a dependency check for the python application using safety and a dynamic application security test using the Crashtest Security Suite.

To run these jobs, they need to be added to the defined workflow.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 94.0%
  • HTML 6.0%