
IWA-API -

Overview

IWA-API is an insecure Spring Boot/Java REST API for use in DevSecOps demonstrations. It includes some examples of bad and insecure code - which can be found using static and dynamic application security testing tools such as those provided by Fortify by OpenText.

The application is intended to provide the functionality of a typical "online pharmacy", including purchasing Products (medication) and requesting Services (prescriptions, health checks etc). It has a Swagger based API.

Please note: the application should not be used in a production environment!

Forking the Repository

In order to execute example scenarios for yourself, it is recommended that you "fork" a copy of this repository into your own GitHub account. The process of "forking" is described in detail in the GitHub documentation - you can start the process by clicking on the "Fork" button at the top right.

Build Requirements

In order to successfully build and run the application you will need to have Java JDK 11 installed and on your path.

Building the Application

To build the application using Gradle, execute the following from the command line:

.\gradlew clean build -x test

Running the Application

There are a number of ways of running the application depending on the scenario(s) that you wish to execute.

Development (IDE/command line)

To run (and test) locally in development mode, execute the following from the command line:

.\gradlew bootRun

Then navigate to the URL: http://localhost:8888. You can carry out a number of actions unauthenticated, but if you want to log in you can do so as one of the following users:

There is also an administrative user:

Note: if you log in as user2, you will subsequently be asked for a Multi-Factor Authentication (MFA) code. You can find this code by examining the console output.

Deploy (Docker Image)

The JAR file can be built into a Docker image using the provided Dockerfile and the following commands:

docker build -t iwa-api -f Dockerfile .

or on Windows:

docker build -t iwa-api -f Dockerfile.win .

This image can then be executed using the following commands:

docker run -d -p 8888:8888 iwa-api

There is also an example docker-compose.yml file that illustrates how to run the application with HTTPS/SSL using nginx and certbot - please note this is for reference only as it uses a "hard-coded" domain name.

Developing and Contributing

Please see the Contribution Guide for information on how to develop and contribute.

If you have any problems, please consult GitHub Issues to see if it has already been discussed.

Licensing

This application is made available under the GNU General Public License V3.
