WAAP-TF
Automatically Deploy WAAP and Vulnerable Web App
Written by Mike Braun
This playbook will install Nginx and Docker on a Ubuntu VM within Azure.
It will then download OWASP Juice Shop and run as a container.
Finally, it will deploy the WAAP and register it.
Prerequisites
Github Account
Azure Account
Terraform Cloud Account
Check Point Cloud Portal - Need WAAP Token
Usage:
Fork the repository into your own Github.
Then:
-
Login to Terraform Cloud and create a new workspace.
-
Select Version Control Workflow
- Connect it to Github
- Select the WAAP-TF Repository.
- Fill out the Terraform Variables. There are two kinds, Terraform Variables and Environemnt Variables
Environment Variables
This is the app registration information
ARM_CLIENT_ID = client ID
ARM_CLIENT_SECRET = secret
ARM_TENANT_ID = tenant ID
ARM_SUBSCRIPTION_ID = subscription ID
Terraform Variables
For the Terraform Variables, you need to match the variables defined in the variables.tf file that do not have a default value associated with it. By default you have to define:
victim_company
username
password
token
Finally, you need to Queue the plan in Terraform Cloud:
Destruction
Click on Setting > Destruction and Deletion > Queue Destroy Plan