Skip to content

contrast-jenn/demo-terracotta-bank

BranchesTags
 
 

Repository files navigation

Terracotta Bank: A deliberately insecure Java web application

This sample application is based on https://github.com/terracotta-bank/terracotta-bank

Warning: The computer running this application will be vulnerable to attacks, please take appropriate precautions.

Running standalone

You can run Terracotta Bank locally on any machine with Java 1.8 RE installed.

  1. Place a contrast_security.yaml file into the application's root folder.
  2. Place a contrast.jar into the application's root folder.
  3. Run the application using ./gradlew bootRun
  4. Browse the application at http://localhost:8080/

Running in Docker

You can run Terracotta Bank within a Docker container.

  1. Place a contrast_security.yaml file into the application's root folder.
  2. Build the Terracotta Bank container image using ./1-Build-Docker-Image.sh. The Contrast agent is added automatically during the Docker build process.
  3. Run the container using docker run -v $PWD/contrast_security.yaml:/etc/contrast/java/contrast_security.yaml -p 8080:8080 terracotta-bank:1.0
  4. Browse the application at http://localhost:8080/

Running in Azure (Azure Container Instance):

Pre-Requisites

  1. Place a contrast_security.yaml file into the application's root folder.
  2. Install Terraform from here: https://www.terraform.io/downloads.html.
  3. Install PyYAML using pip install PyYAML.
  4. Install the Azure cli tools using brew update && brew install azure-cli.
  5. Log into Azure to make sure you cache your credentials using az login.
  6. Edit the variables.tf file (or add a terraform.tfvars) to add your initials, preferred Azure location, app name, server name and environment.
  7. Run terraform init to download the required plugins.
  8. Run terraform plan and check the output for errors.
  9. Run terraform apply to build the infrastructure that you need in Azure, this will output the web address for the application.
  10. Run terraform destroy when you would like to stop the app service and release the resources.

Running automated tests

There are a number of Seleneum tests which you can use to reveal vulnerabilities.

  1. Place a contrast_security.yaml file into the application's root folder.
  2. Place a contrast.jar into the application's root folder.
  3. Ensure you have the Firefox browser installed.
  4. Run the application using ./gradlew cleanTest test

Running automated tests in Docker

There are a number of Seleneum tests which you can use to reveal vulnerabilities in a Docker container.

  1. Place a contrast_security.yaml file into the application's root folder.
  2. Build the Docker container using docker build . -f Dockerfile.test -t terracotta-test
  3. Run the container using docker run -v $PWD/contrast_security.yaml:/etc/contrast/java/contrast_security.yaml terracotta-test:latest

Updating the Docker Image

You can re-build the docker image (used by Terraform) by running two scripts in order:

  • 1-Build-Docker-Image.sh
  • 2-Deploy-Docker-Image-To-Docker-Hub.sh

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Java 87.4%
  • CSS 5.8%
  • JavaScript 3.9%
  • HTML 1.6%
  • HCL 0.9%
  • Dockerfile 0.4%