- Docker
- Docker Compose
- Burp Suite CE
- Bearer SAST
- ZAP
- Trivy
- A basic understanding of SQL injection and JWTs.
Windows users: I recommend using PowerShell, since Git Bash, for example, does not always handle paths correctly, which can cause problems when mounting container volumes.
Download Burp Suite from https://portswigger.net/burp/releases/professional-community-2023-10-2-3?requestededition=community&requestedplatform=
There are many paid SAST tools. This workshop uses Bearer, a recently open-sourced SAST tool.
Installation
Docker
docker pull bearer/bearer:latest-amd64
Install script
curl -sfL https://raw.githubusercontent.com/Bearer/bearer/main/contrib/install.sh | sh
Homebrew
brew install Bearer/tap/bearer
ZAP
Docker
docker pull ghcr.io/zaproxy/zaproxy
Trivy
It is recommended not to run Trivy from its Docker image: compared with the other options, the container setup is more complicated because it requires Docker-in-Docker.
Windows users must use the Docker option in this case.
Docker
docker pull aquasec/trivy:0.46.0
Install script
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.46.0
Homebrew
brew install aquasecurity/trivy/trivy