SasanLabs / VulnerableApp-facade

VulnerableApp-facade is probably the most modern lightweight distributed farm of Vulnerable Applications, built to cover a wide range of vulnerabilities across tech stacks.

Adding support for a new Scanner tab which explains how scanners can evaluate their performance

preetkaran20 opened this issue · comments

Is your feature request related to a problem? Please describe.

If we read about the goals of VulnerableApp/VulnerableApp-Facade, this application is built to help scanners like DAST and SAST evaluate themselves. So, in order to help SAST, projects need to provide a file like VulnerabilityDefinition; similarly, for DAST, Vulnerable Applications expose a Scanner endpoint which can be used by DAST tools like OWASP ZAP.
Our VulnerableApp/VulnerableApp-jsp/VulnerableApp-php all expose the scanner endpoint, so if you start the application and then visit the
/<VulnerableApplicationName>/scanner endpoint, you can find the JSON data.

The requirement is to add a button in the header (or any other suitable place, up to the implementer), labelled, say, Scanners or something suitable, which when clicked opens up a menu bar with 2 options, one for DAST and one for SAST.
Under DAST, we need to explain how DAST scanners can utilise the VulnerableApp-facade, and similarly under SAST we need to explain how SAST can utilise the VulnerableApp-facade.

Initial thought:
[Screenshot of the proposed UI, taken 2022-02-20]

DAST /scanner endpoint data:
[Image: sample JSON returned by the /scanner endpoint]

Apart from the user interface work, we also need to add merging logic in Lua such that whenever a user requests the /scanner endpoint, we merge the responses from all /<VulnerableApplicationName>/scanner endpoints and show the result. Something similar to: https://github.com/SasanLabs/VulnerableApp-facade/blob/main/lua-modules/vulnerableapp_utility.lua

Content of the DAST and SAST menu options
For content-related information, see: https://sasanlabs.github.io/VulnerableApp/HOW-TO-USE.html#how-sast-or-dast-can-use-the-project

Hi Karan, I am interested in working on this issue.

Hi Karan,
While testing out the scanner endpoints, it seems only VulnerableApp/scanner returns the JSON information; VulnerableApp-jsp/scanner and VulnerableApp-php/scanner are not yet available (issues: SasanLabs/VulnerableApp-jsp#8, SasanLabs/VulnerableApp-php#13).

From this it looks like I am blocked for now from completing this. I could look into the issue SasanLabs/VulnerableApp-jsp#8 since I am more familiar with Java. Would this be okay?
Or should I continue with this issue and update nginx.conf with only the VulnerableApp/scanner endpoint?

Hi @merry-degaga ,

Yes, the other Vuln apps don't support the scanner endpoint yet, so for now the Lua script can invoke the scanner endpoints on those apps as well and, in case of failure, just ignore the response; otherwise merge it. The same is being done for the vulnerability definitions endpoint as well.

Thanks,
Karan
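The merging logic sketched in the issue description and in Karan's reply (fan out to every /<VulnerableApplicationName>/scanner endpoint, drop the apps whose endpoint fails, merge the rest) could look like the following OpenResty handler. This is an added illustration, not code from the VulnerableApp-facade repository: it assumes the facade proxies each application under /<app>/ as the issue describes, that the cjson module bundled with OpenResty is available, and the app list is illustrative. Because the JSON shape of each app's scanner payload is not shown here, the example merges by keying each decoded payload under its application name rather than assuming anything about the inner structure.

```lua
-- Added example (not part of the VulnerableApp-facade repository): aggregate the
-- per-application /<app>/scanner endpoints into one /scanner response, skipping
-- any application that does not (yet) serve the endpoint or returns bad JSON.
-- Assumptions: nginx subrequests to /<app>/scanner are proxied to each app, and
-- cjson.safe (shipped with OpenResty) is available. The app list is illustrative.
local cjson = require("cjson.safe")

local SCANNER_APPS = { "VulnerableApp", "VulnerableApp-jsp", "VulnerableApp-php" }

-- Fetch one app's scanner JSON via an nginx subrequest. Returns the decoded table,
-- or nil plus a reason when the endpoint is missing, errors, or is not valid JSON.
local function fetch_scanner(app)
  local res = ngx.location.capture("/" .. app .. "/scanner")
  if not res or res.status ~= ngx.HTTP_OK then
    return nil, "status " .. tostring(res and res.status)
  end
  local data, err = cjson.decode(res.body)
  if not data then
    return nil, "invalid JSON: " .. tostring(err)
  end
  return data
end

-- Merge the responses keyed by application name. Failures are logged at WARN and
-- ignored, so one missing endpoint never breaks the aggregated /scanner view.
local function merged_scanner_data(apps)
  local merged = {}
  for _, app in ipairs(apps) do
    local data, err = fetch_scanner(app)
    if data then
      merged[app] = data
    else
      ngx.log(ngx.WARN, "skipping ", app, "/scanner: ", err)
    end
  end
  return merged
end

ngx.header["Content-Type"] = "application/json"
ngx.say(cjson.encode(merged_scanner_data(SCANNER_APPS)))
```

To wire it in, the handler would sit in a `location = /scanner { content_by_lua_file ...; }` block in nginx.conf, alongside the existing per-app proxy locations; `ngx.location.capture` only works against locations nginx itself knows, which is why the per-app /<app>/ proxies must exist first.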