juice-shop
SQLMap
juice-shop | SQLMap | |
---|---|---|
21 | 40 | |
9,547 | 30,623 | |
1.5% | 1.1% | |
9.8 | 8.7 | |
2 days ago | 3 days ago | |
TypeScript | Python | |
MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
juice-shop
-
Launch HN: Corgea (YC S23) – Auto fix vulnerable code
Hi HN, I’m the founder of Corgea (https://corgea.com). We help companies fix their vulnerable source code using AI.
Originally, we started with a data security product that would detect data leaks at companies. Despite initial successes and customer acquisitions, we frequently heard that highlighting issues wasn't enough; customers wanted proactive fixes. They had hundreds (yes hundreds!) of security tools alerting them about vulnerabilities, but couldn’t afford a dedicated team to go through them all and fix them. One prospect we spoke to had tens of thousands of reported vulnerabilities in their SAST tool. With the rise of AI code generation, we saw an opportunity to give customers what they really wanted.
Having Corgea is like having a security engineer on staff focused on making your code more secure. We want security to be an enabler of engineering rather than a blocker to it, and the reverse to be true. To accomplish this, we built it on top of existing LLMs to issue code fixes.
To show Corgea’s capabilities, we took some popular vulnerable-by-design applications like Juice Shop (https://github.com/juice-shop/juice-shop), scanned them and issued fixes for their vulnerabilities. You can see some of them here: https://demo.corgea.com. Some examples of vulnerabilities it solves are like SQL injection, Path Traversal and XSS.
What makes this tough is that currently LLMs struggle at generalist coding tasks because it has to understand your whole code base, the domain you’re in, and the user’s request to do something. This can lead to a lot of unintended behavior where it codes things incorrectly because it’s giving a best guess at what you want. Adam, one of the founding engineers on the team coined it well: LLMs don’t reason, they fuzz.
We made several decisions that helped the LLM become more deterministic. First, what we’re doing is extremely domain specific: vulnerable code fixes in a limited number of programming languages. There are roughly 900 security vulnerabilities in code, called CWE’s (https://cwe.mitre.org/), that we’ve built into Corgea. An SQL injection vulnerability in a Javascript app is the same regardless if you’re a payments company or a travel booking website. Second, we have no user generated input going into the LLM, because SAST scanners everything needed to issue a fix. This makes it much more predictable and reproducible for us and customers. We can also create robust QA processes and checks.
To illustrate the point, let’s put some of this to the test using some napkin math. Assume you’re serving 5,000 enterprises that ship on average 300 domain specific features a year in 5 different programming languages that each require 30 lines of code changes across multiple files. You’ll have about 300m permutations the product needs to support. What a nightmare!
Using the same napkin math, Corgea needs to support the ~900 vulnerabilities (CWE’s). Most of them require 1 - 2 line changes. It doesn’t need to understand the whole codebase since the problem is usually isolated to a few lines. We want to support the 5 most popular programming languages. If we have 5,000 customers, we have to support ~4,500 permutations (900 issues x 5 different languages). This leads to a massive difference in accuracy. Obviously, this is an oversimplification of the whole thing but it illustrates the point.
What makes this different from Copilot and other code-gen tools is that they do not specialize in security and we’ve seen them inadvertently introduce security issues unbeknownst to the engineer. Additionally, they do not integrate into existing scanning tools that companies are using to resolve those issues. So unless a developer is working on every part of the product, they’re unable to clear security backlogs, which can be in the thousands of tickets.
As for security scanners, the current market is flooded with tools that report and overwhelm security teams and are not effective at fixing what they’re reporting. Most vulnerability scanners do not remediate issues, and if they do they’re mostly limited to upgrading packages from one version to another to reduce a CVSS. If they do offer CWE remediation capabilities their success rates are very low because they’re often based on traditional AI methodologies. Additionally, they do not integrate with each other because they want to only serve their own findings. Enterprises use multiple tools like Snyk, Semgrep, Checkmarx, but also have a penetration testing program, and a bug bounty program. They need a solution that consolidates across their existing tools. They also use Github, Gitlab and Bitbucket for their code repository.
We’re offering a free tier for smaller teams and priced tiers. We believe we can reduce 80% of the engineering effort for security fixes, which would equate to at least $10m a year for enterprises.
We’re really excited to share this with you all and we’d love any thoughts, feedback, and comments!
- I think I will have to write a web site even though I'm not a web developer
-
Web Application Gauntlet
Just grab the source code and modify it. Read through the code. Make the shop sell new things. Why start from scratch on such a broad and complex topic?
-
5 Common Server Vulnerabilities with Node.js (with code examples and solutions)
If you want to explore vulnerabilities and bad practices, just look at OWASP Juice Shop the most insecure app out there
-
Is Java more secure than node Js
For a solid example of a vulnerable and insecure application see OWASP Juice Shop - this is an example of what NOT to do.
-
OWASP Juice Shop
This is awesome! Convenient for folks who use the Express/Angular stack but conceptual stuff should be pretty universal regardless.
Wasn't aware of this project at all but found the following links useful for context:
The actual Juice Shop website can be found at https://juice-shop.herokuapp.com/#/
and the github link for viewing code is https://github.com/juice-shop/juice-shop/releases/
-
General question on Docker
Right here. https://github.com/juice-shop/juice-shop/blob/master/Dockerfile
-
How attackers use exposed Prometheus server to exploit Kubernetes clusters
Exposed Prometheus metrics Endpoint
-
Vulhub: Pre-Built Vulnerable Environments Based on Docker-Compose
https://github.com/juice-shop/juice-shop#official-companion-...
If the versions installed in the book are outdated, you too can bump the version strings in the dependency specs in the git repo and send a PR Pull Request (which also updates the Screenshots and Menu > Sequences and Keyboard Shortcuts in the book&docs) and then manually test that everything works with the updated "deps" dependencies.
If it's an executablebooks/, a Computational Notebook (possibly in a Literate Computing style), you can "Restart & Run all" from the notebook UI button or a script, and then test that all automated test assertions pass, and then "diff" (visually compare), and then just manually read through the textual descriptions of commands to enter (because people who buy a Book presumably have a reasonable expectation that if they copy the commands from the book to a script by hand to learn them, the commands as written should run; it should work like the day you bought it for a projected term of many free word-of-mouth years.
From https://github.com/juice-shop/juice-shop#docker-container :
docker pull bkimminich/juice-shop
-
Capture the flag: A Node.js web app vulnerability practice
Take a look at juice-shop as well.
SQLMap
-
Best Hacking Tools for Beginners 2024
sqlmap
-
Restful API Testing (my way) with Express, Maria DB, Docker Compose and Github Action
A few weeks ago, I took a short cyber security course on Udemy. SQL injection was a section of the course. I knew about the concept though, I hadn't tried it. I was planning to make a Restful API server and tried SQL injection using a tool sqlmap, which was introduced in the course. While I could have used existing server code, I decided to build one from scratch. It's been a while since I worked on a Restful API server, and I wanted to refresh my knowledge for learning purposes.
-
Is this sql query in django safe?
I recommend looking for an alternative or if you must do it this way test it with https://sqlmap.org to make sure you are not vulnerable to the lowest effort attacks.
-
Enhancing Code Quality and Security: Building a Rock-Solid CI Test Suite for Seamless Development
The DAST checks can be automated up to a certain point, where the code should be able to withstand certain scans and attacks. For eg. SQL Injections can be checked with sqlmap which tests with each and every type of sql injection payload and reports it back to the user.
-
👨🏻💻Securing Your Web Applications from SQL Injection with SQLMap
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
-
Are these good projects to have? (appsec)
Sounds good, why not try making a simple vulnerability scanner for APIs too? Maybe something similar to SQLMap
-
[GitHub Action]: Wrappers for sqlmap, bbot and nikto
Its not that much of a tool than wrappers of few awesome tools that most of you probably know and use today - sqlmap, bbot and nikto.
-
[GitHub Action][Release]: Add DAST and OSINT to your security pipelines
I'm excited to share with you my latest contributions to the GitHub community: a collection of free GitHub Actions designed to streamline and enhance security practices utilizing DAST and OSINT tooling that is widely used - sqlmap, bbot and nikto. There were no GH Actions that I could find, so I made them for my use case, but figured everyone can benefit from those awesome tools.
-
The 36 tools that SaaS can use to keep their product and data safe from criminal hackers (manual research)
SQLMap
- sqlmap wiki githib
What are some alternatives?
WebGoat - WebGoat is a deliberately insecure application
nuclei - Fast and customizable vulnerability scanner based on simple YAML based DSL.
Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
Metasploit - Metasploit Framework
CTF-Market - This is CTF market
setoolkit - The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.
SecureCodingDojo - The Secure Coding Dojo is a platform for delivering secure coding knowledge.
ZAP - The ZAP core project
Docusaurus - Easy to maintain open source documentation websites.
commix - Automated All-in-One OS Command Injection Exploitation Tool.
vuetify - 🐉 Vue Component Framework
RustScan - 🤖 The Modern Port Scanner 🤖