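---
name: Post deployment security validations
# Test plan (collection of test cases) to apply security validations after the deployment of a web application.
# RUN CMD: venom run --var="target_site=https://myapp.com" recipe.yml
#
# All template placeholders ({{.var}}) that start a scalar are quoted: a bare "{{" at the
# beginning of a YAML value is otherwise read as a flow mapping by any YAML-first tool
# (linters, editors, schema validators) that sees the file before venom interpolates it.
# `timeout` is left unquoted on purpose so it stays numeric after interpolation.
vars:
  # Default target; override on the command line as shown in RUN CMD above.
  target_site: "https://xlm-blogpost-deploy-check.herokuapp.com"
  # Per-request timeout passed to every http step.
  # NOTE(review): the unit (seconds vs. milliseconds) depends on the venom http executor — confirm.
  connection_timeout: 20

testcases:
  # The framework/runtime should not be advertised through response headers.
  - name: Validate-Exposed-Content-NodeJS-Express-Usage-Exposure
    steps:
      - type: http
        method: GET
        url: '{{.target_site}}'
        skip_body: true
        timeout: {{.connection_timeout}}
        assertions:
          - result.statuscode ShouldEqual 200
          - result.headers.x-powered-by ShouldBeNil

  # An application error must not leak internal details (stack traces, module names) in the body.
  - name: Validate-Exposed-Content-Info-Disclosure-Via-Error
    steps:
      - type: http
        method: GET
        # Target a service in a way that an error is expected to occur (here a parameter is missing)
        url: '{{.target_site}}/hello'
        skip_body: false
        timeout: {{.connection_timeout}}
        assertions:
          - result.statuscode ShouldEqual 500
          - result.body ShouldNotContainSubstring SendStream.emit

  # Build/deployment artifacts must not be served from the web root.
  - name: Validate-Exposed-Content-Non-Expected-File-Deployed
    steps:
      # Cf https://github.com/ovh/venom/blob/master/tests/ranged.yml
      # Cf https://github.com/ovh/venom/issues/494
      - type: http
        method: GET
        url: '{{.target_site}}/deploy.key'
        skip_body: true
        timeout: {{.connection_timeout}}
        assertions:
          - result.statuscode ShouldEqual 404
      - type: http
        method: GET
        url: '{{.target_site}}/package.json'
        skip_body: true
        timeout: {{.connection_timeout}}
        assertions:
          - result.statuscode ShouldEqual 404
      - type: http
        method: GET
        url: '{{.target_site}}/package-lock.json'
        skip_body: true
        timeout: {{.connection_timeout}}
        assertions:
          - result.statuscode ShouldEqual 404

  # A vulnerability-disclosure contact must be published.
  # NOTE(review): RFC 9116 places the file at /.well-known/security.txt; the root path checked here
  # is the legacy location. Consider a second step for the well-known path.
  - name: Validate-SecurityTXT-File-Presence
    steps:
      - type: http
        method: GET
        url: '{{.target_site}}/security.txt'
        skip_body: false
        timeout: {{.connection_timeout}}
        assertions:
          - result.statuscode ShouldEqual 200
          - result.body ShouldContainSubstring mailto:emergency@excellium-services.com

  # A WAF (or equivalent filtering) is expected to block an obviously malicious parameter value.
  - name: Validate-WAF-Presence
    steps:
      - type: http
        method: GET
        # Add a URL parameter with a value that is expected to trigger a rejection by any WAF in place
        url: '{{.target_site}}/?xss-payload=%3Cscript%3Ealert(1)%3C/script%3E'
        skip_body: true
        timeout: {{.connection_timeout}}
        assertions:
          - result.statuscode ShouldBeIn 401 403

  # Plain HTTP must redirect to the HTTPS origin.
  # NOTE(review): only the redirect is validated here; an assertion on the
  # strict-transport-security header of the HTTPS response would complement it.
  - name: Validate-Secure-Protocol-Usage
    steps:
      - type: http
        method: GET
        url: '{{.target_site | replace "https" "http"}}'
        skip_body: true
        timeout: {{.connection_timeout}}
        assertions:
          - result.statuscode ShouldEqual 301
          - result.headers.location ShouldNotBeNil
          - result.headers.location ShouldContainSubstring {{.target_site}}

  # robots.txt must exist but, per the assertion below, must not list restricted paths
  # (a "Disallow:" entry discloses locations that are otherwise not advertised).
  - name: Validate-RobotsTXT-File-Content
    steps:
      - type: http
        method: GET
        url: '{{.target_site}}/robots.txt'
        skip_body: false
        timeout: {{.connection_timeout}}
        assertions:
          - result.statuscode ShouldEqual 200
          - result.body ShouldNotContainSubstring "Disallow:"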