Mirtov Alexey
c097b7414d
Update README.md
|
2 years ago | |
|---|---|---|
| .. | ||
| README.md | 2 years ago | |
| README_RU.md | 2 years ago | |
| cloud_config.yaml | 3 years ago | |
| declaration.yaml | 3 years ago | |
| network_tasks.tf | 3 years ago | |
| output.tf | 3 years ago | |
| provider.tf | 3 years ago | |
| variables.tf | 3 years ago | |
| vm_tasks.tf | 3 years ago | |
README.md
Installing a Damn Vulnerable Web Application (DVWA) in Yandex.Cloud using Terraform for managed WAF testing
Link to a video review on YouTube: https://www.youtube.com/watch?v=r7Dxv_as24E
Terraform playbook will create:
- New VPC network and VPC subnet
- External VPC address
- Security group to access the application
- VM based on Yandex Container Solution running a Docker container with a Damn Vulnerable Web Application (DVWA)
Prerequisites:
Installation
- Copy repository files using Git:
git clone https://github.com/mirtov-alexey/dvwa_and_managed_waf.git - Fill out the variables in the variables.tf file: in the
tokenfield, enter either the user's OAuth token or a path to the service account's key file. - In the provider.tf file, specify
token = var.token(for user authentication) orservice_account_key_file = var.token(for authenticating on behalf of the service account). - Go to the file folder and run terraform init:
cd ./dvwa_and_managed_waf/ terraform init Next, run terraform apply:
terraform applyInstallation results
As a result of the installation, an external IP address will be displayed in the command line:
Next, when you open the address in the browser, you should see the following:
Enter login: 'admin
, password: 'password.At the very bottom of the page, click Create/Reset database.
Then click Login at the bottom.
On the DVWA Security tab, change the level to Low.
Go to the SQL Injection tab and in the User ID field, enter the following:
`%' and 1=0 union select null, concat(user,':',password) from users #`
