⚡️ Run akto on a vulnerable app to find a bug.

[ayushaga14]

💭 Introduction This task involves using Akto to run tests on vulnerable apps like juice-shop, rest-api-goat etc. Users can view the test results and check the vulnerabilities. You can also check and report if we are detecting any false positives, i.e. vulnerabilities that are wrongly detected by Akto. You can add data to Akto dashboard using burp suite, postman etc. For ex - Refer to burp documentation - https://docs.akto.io/add-api-data/integrations/burp-suite.

🎯 Requirements Setting up a vulnerable application locally and using applications like BurpSuite/Postman etc to send data to Akto

✅ Task summary:

• [ ] Ask to be assigned to the issue.
• [ ] Wait to be assigned. We will try to assign in less than 2 hours.
• [ ] Setup any vulnerable application locally. For ex - Refer https://github.com/juice-shop/juice-shop#docker-container
• [ ] Use web interface of application, or hit api's yourself, and add data to akto dashboard. For ex - Refer https://docs.akto.io/add-api-data/integrations/burp-suite on how to send data using Burpsuite.
• [ ] Add an attacker token before running tests. Refer - https://docs.akto.io/testing/create-user-config#method-1-adding-token-manually
• [ ] Go to your api collection, and click on run tests after selecting what all tests you want to trigger
• [ ] View test results. Refer - https://docs.akto.io/testing/test-results

🙋🏼‍♂️ Questions: If you have questions, need any help, or just want to hang out, make sure to join us on our Discord server.

[mohithkalyan]

Hi, I'd like to work on this. I'd anyways test this on a vulnerable app to look at the efficiency and FP count before I could implement it in our CI/CD. Feel free to assign this to me.

[avneesh-akto]

Assigned it to you @mohithkalyan . Happy hacking. Feel free to join our Discord