Lab 3.3: Deploy Juice-shop Web App to Production ENV and run DAST

3.3.1 Deploy Juice-Shop App to Production

Production deployment is triggered by creating a Git tag. Tagging a commit and cutting a release from that tag is a common development practice: the tag pins exactly which revision of the application code was delivered to the Production environment, so every deployment can be traced back to a known commit. You can read more about deployment strategies at Intro to deployment strategies or similar websites.

Why do we use tags?

  • Useful for marking deployments and releases: a tag names exactly the commit that was shipped
  • Annotated tags are full Git objects that record who created them, when, and a message, and they can be GPG-signed so a release can be verified before it is deployed
  • Lightweight tags are only pointers to a commit with no metadata; they are easy to move or delete, which makes them fine as local bookmarks but a poor record of a release
  • Many projects combine an annotated release tag with a stable branch
  • Consider setting deployment/release tags automatically from the pipeline rather than by hand

Because pushing a tag is what starts the Production deploy, anyone who can create a tag in the project can release to Production. Restrict this with GitLab's protected tags feature (a rule for the release pattern, for example prod-v*), so that only release managers can create tags that match it.

More on tagging at Git Basics - Tagging

3.3.2 Tag the repo in gitlab

client RDP -> firefox -> waf-301 -> GitLab

Click on waflabs / waf_cicd Project

Navigate to Repository -> Tags and click on New tag

(Screenshot: Repository -> Tags page with the New tag button)

Fill in the Tag name field and click Create tag. The suggested tag name is prod-v1.0. Creating the tag is what starts the Production deployment; no separate deploy action is needed.

(Screenshot: New tag form with the Tag name field filled in)

3.3.3 Pipeline progress

Navigate to CI / CD -> Pipelines and click on the pipeline that is currently running and whose Commit column shows the tag name you created in the previous step.

3.3.4 Connect to Production Juice-Shop App

Upon successful pipeline completion you can access the Juice-Shop App by selecting firefox -> favorites -> WAF-301 -> Production -> OWASP juice shop - PRODUCTION

Pipeline Summary

The demonstrated pipeline applies the same WAF Policy to Production that it applied to Staging, so the policy that was tested and tuned against Staging traffic is the one protecting Production, and both environments are identical from the security perspective. Additionally, the Production pipeline runs a DAST scan against the deployed application to detect runtime vulnerabilities that are only visible in the running app. DAST does not rule out all vulnerabilities, and since Juice Shop is an intentionally vulnerable application the scan is expected to report findings; the WAF policy is what mitigates them. The workflow is:
  • Deploy WAF Policy
  • Test and update policy as necessary
  • Repeat
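
The following .gitlab-ci.yml fragment is an added example of the two mechanisms this lab relies on (a tag-triggered Production deploy, from 3.3.1, and a DAST stage run against the deployed app, from the summary above). It is not the lab's own waf_cicd pipeline: the job names, the deploy.sh script and the PROD_URL variable are assumptions, while the DAST template and the DAST_WEBSITE / DAST_FULL_SCAN_ENABLED variables are GitLab's own.

```yaml
# Added example, not the waf_cicd project's pipeline.
# deploy.sh and PROD_URL are assumed; Security/DAST.gitlab-ci.yml is the
# GitLab-maintained DAST template (ZAP-based).
stages:
  - deploy
  - dast

include:
  - template: Security/DAST.gitlab-ci.yml

deploy_production:
  stage: deploy
  environment:
    name: production
    url: $PROD_URL                     # assumed CI/CD variable with the app URL
  rules:
    # Only a tag of the form prod-vX.Y (e.g. prod-v1.0) runs this job.
    # Branch pushes and merge requests never reach Production.
    - if: '$CI_COMMIT_TAG =~ /^prod-v[0-9]+\.[0-9]+$/'
  script:
    - ./deploy.sh production "$CI_COMMIT_TAG"   # assumed deploy script

# Override the template's dast job so it runs only for the same release tags
# and only after the Production deploy has finished.
dast:
  stage: dast
  needs: ["deploy_production"]
  variables:
    DAST_WEBSITE: $PROD_URL
    DAST_FULL_SCAN_ENABLED: "true"     # active scan, not just passive spidering
  rules:
    - if: '$CI_COMMIT_TAG =~ /^prod-v[0-9]+\.[0-9]+$/'
```

Two points worth checking in a real pipeline: the tag regex should be anchored as above, otherwise any tag containing "prod-v" (including one pushed by mistake to a feature branch) starts a Production deploy; and the scanner's traffic will pass through the WAF if DAST_WEBSITE points at the protected hostname, so decide deliberately whether the scan is meant to exercise the WAF policy or to find application bugs behind it (the latter needs a route to the origin that bypasses the WAF from the runner only).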

What’s Next?