https://github.com/octodemo/universe-wip
- Host: GitHub
- URL: https://github.com/octodemo/universe-wip
- Owner: octodemo
- License: mit
- Created: 2023-10-09T05:00:31.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2023-10-31T06:36:52.000Z (over 2 years ago)
- Last Synced: 2023-11-07T19:48:03.754Z (over 2 years ago)
- Language: Go
- Size: 43.6 MB
- Stars: 1
- Watchers: 6
- Forks: 0
- Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE.md
README
Harnessing AI: Next Level Strategies for Advanced Security
@s-samadi
@abhi-dutta
Introduction • Prerequisites • Mona Gallery • Learning Objectives • Learning Resources
### Introduction
This repository contains the source code for the `Mona Gallery` vulnerable web application. The exercises for this workshop can be found in the `exercises.md` file.
### Prerequisites
Please make sure that you have all the prerequisites in place before we start the workshop.
1) Create a codespace from the repository

2) Verify that GitHub Copilot, GitHub Copilot Chat, and GitHub Copilot Lab plugins are pre-installed in your codespace. These installations should occur automatically when you start the codespace.
3) Configure the plugin to grant you access to GitHub Copilot through the [githubuniverseworkshops](https://github.com/githubuniverseworkshops) Org that you have been granted access to.
4) Confirm that Advanced Security and all its features have been enabled on your repository
### Mona Gallery
The Mona Gallery is a deliberately vulnerable web application containing several prevalent vulnerability types, such as SQL injection, XSS, and deserialization, among others. The application's codebase is diverse, using multiple technologies, including Go, Python, JavaScript, and Java. An architecture diagram can be found below. We will use this application's codebase for this workshop.

#### Architecture Diagram
The application's frontend is built with Vue.js 3 and Bootstrap 5, while authorization is managed through the Zitadel OIDC service implemented in Go. Middleware functions are handled in Python. The API layer is developed in Go, Blob storage is implemented with MinIO, written in Java, and the database relies on SQLite. Each of these services is encapsulated in its respective Docker container, resulting in a total of five images. To run the application, you can use Docker Compose.

### Learning Objectives
- Hands-on exercise demonstrating our new feature to generate regexes using AI
- Use AI to find generic secrets
- Practical lab demonstrating the new autofix feature for JavaScript CodeQL alerts on the pull request
- How to use GitHub Copilot to learn about CodeQL
- Use GitHub Copilot to learn about application security
### Learning Resources
- [GitHub Advanced Security Learning Path - Microsoft Learn](https://learn.microsoft.com/en-us/collections/rqymc6yw8q5rey)
- [Docs - GitHub Advanced Security](https://docs.github.com/en/enterprise-cloud@latest/get-started/learning-about-github/about-github-advanced-security)
- [GitHub Copilot Learning Path - Microsoft Learn](https://learn.microsoft.com/en-us/training/modules/introduction-to-github-copilot/)
- [Docs - GitHub Copilot](https://docs.github.com/en/copilot)