Participants must first secure their vulnerable Lambda function using Application Security.
Next, they must use Application Security's stack trace to identify and remove the vulnerable line of code.
- Deploy the `cfn.yaml` CloudFormation template.
- Obtain the web app's API Gateway URL from the CloudFormation output.
- Browse to the web app to confirm it is vulnerable.
  The website will have a red background and a message informing you that the page is insecure.
- Add the Application Security layer ARN to the Lambda. Use Python 3.8 and the custom runtime method.
- Create an Application Security group.
- Set the group's "Illegal File Access" module to mitigate, so that the offending file read is blocked at runtime rather than only reported.
- Pass the Application Security group's keys to the Lambda via environment variables.
- Browse to the web app to confirm it is secure.
  The website will now have a green background and a message informing you that the page has been secured. The vulnerable code is still deployed at this point; Application Security is blocking the file access in the running function.
- Use the Application Security stack trace to identify the vulnerable line of code. It will be this one:
  `f = open(vars_file_path, "r"); f.readline(); f.close(); message = {"message": "Welcome to our website"}`
- Remove the vulnerable line.
- Deploy the updated Lambda.
- Browse to the web app to confirm it is secure.
  The website will now have a yellow background and a message informing you that the vulnerability has been removed.
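The distinction the three page colours make (insecure, mitigated at runtime, remediated in code) is easier to see in code. The following is an added example, not the lab's own handler: it runs the lab's vulnerable line, and a remediated handler without it, under a toy stand-in for the "Illegal File Access" module in mitigate mode. The allow-listed directory `/var/task`, the `is_allowed` check, the `PermissionError` the guard raises, the response messages, and the use of this module's own file as the file `vars_file_path` points at are all assumptions made for the example; the real Application Security module has its own policy and blocking mechanism.

```python
"""Added example: the lab's vulnerable file read beside the remediated handler,
run under a toy model of a RASP "Illegal File Access" guard. Not the lab's code."""
import builtins
import contextlib
import os

# Assumption: the Lambda deployment package lives under /var/task, and any read
# outside it is "illegal file access". This allow-list only models that idea.
ALLOWED_DIRS = ("/var/task",)

# Stand-in for the file vars_file_path points at in the lab (assumption): this
# module's own source file exists wherever the example runs and is outside /var/task.
SAMPLE_FILE = os.path.abspath(__file__)


def is_allowed(path):
    """True when path resolves to somewhere inside an allow-listed directory."""
    real = os.path.realpath(path)
    for allowed in ALLOWED_DIRS:
        root = os.path.realpath(allowed)
        if real == root or real.startswith(root + os.sep):
            return True
    return False


@contextlib.contextmanager
def illegal_file_access_guard(mode="mitigate"):
    """Toy guard around builtins.open. 'mitigate' blocks disallowed opens by
    raising PermissionError; 'detect' lets them through but records them.
    Yields the list of disallowed paths seen while the guard is active."""
    events = []
    original_open = builtins.open

    def guarded_open(file, *args, **kwargs):
        if isinstance(file, (str, bytes, os.PathLike)):
            path = os.fsdecode(file)
            if not is_allowed(path):
                events.append(path)
                if mode == "mitigate":
                    raise PermissionError("illegal file access blocked: " + path)
        return original_open(file, *args, **kwargs)

    builtins.open = guarded_open
    try:
        yield events
    finally:
        builtins.open = original_open


def render(colour, message):
    """API Gateway proxy-style response carrying the coloured page the lab describes."""
    body = '<html><body style="background:%s"><h1>%s</h1></body></html>' % (colour, message)
    return {"statusCode": 200, "headers": {"Content-Type": "text/html"}, "body": body}


def vulnerable_handler(event, context, vars_file_path=SAMPLE_FILE):
    """Handler containing the lab's vulnerable line verbatim: a needless read of a
    file the function has no business touching. Assumption: a blocked open()
    surfaces as PermissionError, which the handler reports as 'secured'."""
    try:
        f = open(vars_file_path, "r"); f.readline(); f.close(); message = {"message": "Welcome to our website"}
    except PermissionError:
        return render("green", "This page has been secured by Application Security")
    return render("red", message["message"] + ": this page is insecure")


def fixed_handler(event, context):
    """Remediated handler: the file read is gone, so there is nothing to block."""
    message = {"message": "Welcome to our website"}
    return render("yellow", message["message"] + ": the vulnerability has been removed")


def run_protected(handler, event=None, mode="mitigate"):
    """Invoke a handler under the guard; returns (response, disallowed paths seen)."""
    with illegal_file_access_guard(mode) as events:
        response = handler(event or {}, None)
    return response, events


if __name__ == "__main__":
    # Unprotected: the read succeeds and the page is red.
    print(vulnerable_handler({}, None)["body"])
    # Protected in mitigate mode: the read is blocked and the page is green.
    print(run_protected(vulnerable_handler)[0]["body"])
    # Remediated: nothing to block, the page is yellow and the guard sees no events.
    print(run_protected(fixed_handler)[0]["body"])
```

Running the script prints the red, green and yellow responses in that order. Note that the guard records an event in "detect" mode and still lets the read through, which is why the lab asks for the module to be set to mitigate; and that the remediated handler produces no events at all, which is the difference between a runtime mitigation and a fix.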
The `cfn.yaml` template is generated from the CDK app with:

```shell
cdk synth --version-reporting=false --path-metadata=false --asset-metadata=false > cfn.yaml
```