Merge pull request snyk-labs#9 from snyk/rework-walkthrough

Rework walkthrough

Author: sjmaple

README.md

@@ -3,57 +3,12 @@ In this step by step workshop you'll learn how to exploit various real world vul
 
 # Required software you need to install for this workshop
 
-* A proper terminal (linux based) - pick your favourite
-* [cUrl](https://curl.haxx.se/download.html) - download and install a binary for your OS
-* [Httpie](https://httpie.org/) - (brew install httpie)
-* [Node.js & npm](https://nodejs.org/en/) - (brew install node)
-* [Maven](https://maven.apache.org/install.html)
-* [Java 8](https://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html)
-* [Git](https://git-scm.com/downloads)
-* [Mongod](https://docs.mongodb.com/manual/installation/) - (brew install mongodb)
+You can do this workshop in 2 different flavours
+* Using the prepared [Docker images](install/docker.md)
 
-## Docker images
-Or you can download this zip files that contains the prepared docker images
-* https://drive.google.com/file/d/11LfofyGnQRRGkxcBbobw1S5Yn_pBlHxF/view?usp=sharing
+**OR**
 
-By downloading and using the docker images, the tools needed are already included in the containers
-
-### Using the docker images for Goof
-- go to the "goof" directory in (unpacked) zip file
-
-Import docker images
-```
-$ docker load -i snyk-demo-todo_goof.tar
-$ docker load -i mongo.tar
-```
-Start application
-```
-$ docker-compose up
-```
-navigate to [http://localhost:3001](http://localhost:3001)
-
-To access the shell
-```
-$ docker exec -it goof bash
-```
-
-### Using the docker images for Java Goof
-- go to the "java_goof_docker" directory in (unpacked) zip file
-
-Import docker images
-```
-$ docker load -i javagoof.tar
-```
-Start application
-```
-$ docker-compose up
-```
-navigate to [http://localhost:8080](http://localhost:8080)
-
-To access the shell
-```
-$ docker exec -it javagoof bash
-```
+* Install everything on your [local machine](install/manual.md)
 
 
 # An introduction to this workshop
@@ -72,27 +27,11 @@ For each vulnerability section in this workshop, you’ll be given information a
 
 # Goof installation
 
-In a terminal, start mongod, using the following command:
-
-```
-$ mongod &
-```
-
-Next you’ll need to fork the goof repository, clone it and build your application. The application can be found on GitHub here: [https://github.com/snyk/goof](https://github.com/snyk/goof).
-
-Fork this application to your local repository so that any remediation you choose to perform will only happen on your repository and won’t affect others in this workshop.
-
-Clone the repository onto your local file system and navigate into the project’s root directory. Run the following commands to download the dependencies for the goof application:
+Depending on your choice before pick the appropriate install manual
+* using [Docker Images](install/goof_docker.md)
+* install on [Local machine](install/goof_local.md)
 
-```
-$ npm install
-```
 
-Your application should be ready to run. You can start the application by running the following command from within the main project directory:
-
-```
-$ npm start
-```
 
 From your browser of choice, navigate to [http://localhost:3001](http://localhost:3001) and you should see the following page.
 
@@ -105,7 +44,10 @@ Take a few minutes playing with the site, and in particular, create a few todo i
 
 ## Scan your application
 
-First of all, let's look at it from the blue (defensive) side. We need to scan our application to understand the direct and indirect dependencies that exist in the application, as well as the vulnerabilities in each library. To do this, navigate to [https://snyk.io](https://snyk.io) and click "Sign up" or "Log in" (if you're already a user), on the top right of the site:
+First of all, let's look at it from the blue (defensive) side. 
+Fork the goof application to your own github account. The application can be found on GitHub here: [https://github.com/snyk/goof](https://github.com/snyk/goof).
+We need to scan our application to understand the direct and indirect dependencies that exist in the application, as well as the vulnerabilities in each library. To do this, navigate to [https://snyk.io](https://snyk.io) and click "Sign up" or "Log in" (if you're already a user), on the top right of the site:
+
 
 ![Login button](images/image13.png)
 
@@ -187,6 +129,8 @@ Make sure your new PR tests do not introduce any new security or licence issue h
 
 When you're happy with the PR, merge the changes.
 
+#### Local machine install only (This will not work when you are using the Docker images)
+
 If you're running the application locally stop it by hitting ```Ctrl+C``` in the window you ran ```npm start```. Get the latest code from GitHub by running ```git fetch```. Download the new version of ```st``` by running ```npm install``` and then start your application again, using ```npm start```.
 
 Try your hacks again. *Congratulations!*, you’ve remediated the vulnerability and should now be redirected to the homepage each time you try to break free of the public folder.
@@ -274,25 +218,10 @@ After updating your application, try your hacks again. Congratulations, you’ve
 
 # Java Goof Installation
 
-To start with, you’ll need to clone the java-goof repository, and build your application. The application can be found on GitHub here: [https://github.com/snyk/java-goof](https://github.com/snyk/java-goof).
-
-Clone the repository onto your local file system
+Depending on your choice before pick the appropriate install manual
+* using [Docker Images](install/javagoof_docker.md)
+* install on [Local machine](install/javagoof_local.md)
 
-```
-$ git clone https://github.com/benas/todolist-mvc.git
-```
-
-Open a terminal and run the following command from the root directory:
-
-```
-$ mvn install
-```
-
-Navigate into the ```todolist-web-struts``` directory and run the following to start the server:
-
-```
-$ mvn tomcat7:run
-```
 
 From a browser navigate to the following URL: [http://localhost:8080/](http://localhost:8080/)
 
@@ -312,8 +241,9 @@ When signed in, you’ll see a number of todo entries. If you click about at the
 ## Scan your application
 
 Back on the blue (defensive) team, now. We need to scan our application to understand the direct and indirect dependencies that exist in the application, as well as the vulnerabilities in each library.
+Fork Java Goof to your own github account. The application can be found on GitHub here: [https://github.com/snyk/java-goof](https://github.com/snyk/java-goof) 
 
-If you've already got a Snyk account from earlier in the workshop, you just need to add the Java Goof repository you cloned earlier into the Snyk  dashboard. If you haven't done so, create your account as follows:
+If you've already got a Snyk account from earlier in the workshop, you just need to add the Java Goof repository into the Snyk  dashboard. If you haven't done so, create your account as follows:
 
 Navigate to [https://snyk.io](https://snyk.io) if you haven't done so already, click "Log in" or "Sign up" on the top right of the site.
 

install/docker.md

@@ -0,0 +1,18 @@
+# Using Docker images for the workshop
+
+Software needed:
+* Docker
+
+You can do this entire workshop based on the Docker images we supply you.
+This way you do not have to install any software manually if you dont want to.
+
+The Docker images will be supplied by USB pen-drive or you can download the zip file from the internet if WIFI is sufficient
+* https://drive.google.com/file/d/11LfofyGnQRRGkxcBbobw1S5Yn_pBlHxF/view?usp=sharing
+
+Unzip workshop.zip and work from there.
+
+
+
+
+
+

install/goof_docker.md

@@ -0,0 +1,29 @@
+# Using the docker images for Goof
+
+- go to the "goof" directory in the (unpacked) zip file
+
+Import docker images
+```
+$ docker load -i snyk-demo-todo_goof.tar
+$ docker load -i mongo.tar
+```
+Start application
+```
+$ docker-compose up
+```
+From your browser of choice, navigate to [http://localhost:3001](http://localhost:3001) and you should see the following page.
+
+![Goof homepage](../images/image12.png)
+
+### Important:
+
+We will use be using the following tools
+* [cUrl](https://curl.haxx.se/download.html) - download and install a binary for your OS
+* [Httpie](https://httpie.org/) - (brew install httpie)
+
+You can use these tools from your local machine **OR** you can access the Docker image that have these tools pre-installed
+
+To access the shell (this is only needed if you do not have cUrl on your local machine)
+```
+$ docker exec -it goof bash
+```

install/goof_local.md

@@ -0,0 +1,27 @@
+#Goof on local machine
+
+In a terminal, start mongod, using the following command:
+
+```
+$ mongod &
+```
+
+Next you’ll need to fork the goof repository, clone it and build your application. The application can be found on GitHub here: [https://github.com/snyk/goof](https://github.com/snyk/goof).
+
+Fork this application to your local repository so that any remediation you choose to perform will only happen on your repository and won’t affect others in this workshop.
+
+Clone the repository onto your local file system and navigate into the project’s root directory. Run the following commands to download the dependencies for the goof application:
+
+```
+$ npm install
+```
+
+Your application should be ready to run. You can start the application by running the following command from within the main project directory:
+
+```
+$ npm start
+```
+
+From your browser of choice, navigate to [http://localhost:3001](http://localhost:3001) and you should see the following page.
+
+![Goof homepage](../images/image12.png)

install/javagoof_docker.md

@@ -0,0 +1,29 @@
+# Using the docker images for Java Goof
+- go to the "java_goof_docker" directory in the (unpacked) zip file
+
+Import docker images
+```
+$ docker load -i javagoof.tar
+```
+Start application
+```
+$ docker-compose up
+```
+From a browser navigate to the following URL: [http://localhost:8080/](http://localhost:8080/).
+You will see this application.
+
+![Java Goof homepage](../images/image9.png)
+
+
+### Important:
+
+We will use be using the following tools
+* [cUrl](https://curl.haxx.se/download.html) - download and install a binary for your OS
+* [Httpie](https://httpie.org/) - (brew install httpie)
+
+You can use these tools from your local machine **OR** you can access the Docker image that have these tools pre-installed
+
+To access the shell
+```
+$ docker exec -it javagoof bash
+```

install/javagoof_local.md

@@ -0,0 +1,20 @@
+# Java Goof on local machine
+To start with, you’ll need to clone the java-goof repository, and build your application. The application can be found on GitHub here: [https://github.com/snyk/java-goof](https://github.com/snyk/java-goof).
+
+Clone the repository onto your local file system
+
+```
+$ git clone https://github.com/benas/todolist-mvc.git
+```
+
+Open a terminal and run the following command from the root directory:
+
+```
+$ mvn install
+```
+
+Navigate into the ```todolist-web-struts``` directory and run the following to start the server:
+
+```
+$ mvn tomcat7:run
+```

install/local.md

@@ -0,0 +1,12 @@
+# Install on local machine
+
+This is the software you need if you want to run everything on your local machine
+
+* A proper terminal (linux based) - pick your favourite
+* [cUrl](https://curl.haxx.se/download.html) - download and install a binary for your OS
+* [Httpie](https://httpie.org/) - (brew install httpie)
+* [Node.js & npm](https://nodejs.org/en/) - (brew install node)
+* [Maven](https://maven.apache.org/install.html)
+* [Java 8](https://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html)
+* [Git](https://git-scm.com/downloads)
+* [Mongod](https://docs.mongodb.com/manual/installation/) - (brew install mongodb)