This repository contains the source code for the Mona Gallery
vulnerable web application. The exercises for this workshop can be found in the exercises.md
file.
Please make sure that you have all the prerequisites in place before the start of the workshop:

- Create a codespace from the repository
- Verify that the GitHub Copilot, GitHub Copilot Chat, and GitHub Copilot Lab plugins are pre-installed in your codespace. These installations should occur automatically when you start the codespace.
- Configure the plugin to grant you access to GitHub Copilot through the githubuniverseworkshops Org that you have been granted access to
- Confirm that Advanced Security and all its features have been enabled on your repository
The Mona Gallery is a deliberately vulnerable web application containing several prevalent vulnerability types, such as SQL injection, XSS, and deserialization, among others. The application's codebase is diverse, utilizing multiple technologies, including Go, Python, JavaScript, and Java. An architecture diagram can be found below. We will use this application's codebase for this workshop.

The application's frontend is built with Vue.js 3 and Bootstrap 5, while authorization is managed through the Zitadel OIDC service implemented in Go. Middleware functions are handled in Python. The API layer is developed in Go, and blob storage is implemented with MinIO, written in Java. The database relies on SQLite. Each of these services is encapsulated in its own Docker container, resulting in a total of five images. To run the application, you can use Docker Compose.
- Hands-on exercise demonstrating our new feature to generate regexes using AI
- Use AI to find generic secrets
- Practical lab demonstrating the new autofix feature for JavaScript CodeQL alerts on the pull request
- How to use GitHub Copilot to learn about CodeQL
- Use GitHub Copilot to learn about application security