From a433f7fbc75bca23bd20dd389c8495c5a9eb0c8b Mon Sep 17 00:00:00 2001
From: adikpb <67222969+adikpb@users.noreply.github.com>
Date: Sat, 18 Nov 2023 02:18:14 +0530
Subject: [PATCH 01/10] Docker - Revert changes due to merge on Broken Access Control - Hard - Insecure Design - Easy
---
.../hard/wierd-securitatis/Dockerfile | 12 ---------
.../hard/wierd-securitatis/dockerfile | 27 -------------------
Insecure Design/easy/.env | 4 +++
Insecure Design/easy/Dockerfile | 3 +++
Insecure Design/easy/compose.yaml | 6 +++++
5 files changed, 13 insertions(+), 39 deletions(-)
delete mode 100644 Broken Access Control/hard/wierd-securitatis/Dockerfile
delete mode 100644 Broken Access Control/hard/wierd-securitatis/dockerfile
create mode 100644 Insecure Design/easy/.env
create mode 100644 Insecure Design/easy/Dockerfile
create mode 100644 Insecure Design/easy/compose.yaml
diff --git a/Broken Access Control/hard/wierd-securitatis/Dockerfile b/Broken Access Control/hard/wierd-securitatis/Dockerfile
deleted file mode 100644
index 37436f1..0000000
--- a/Broken Access Control/hard/wierd-securitatis/Dockerfile
+++ /dev/null
@@ -1,12 +0,0 @@
-FROM node:slim
-WORKDIR /wierd-securitatis
-
-COPY package*.json ./
-RUN npm install
-
-COPY . .
-EXPOSE 3555
-RUN node initDB.js
-CMD [ "node", "index.js" ]
-
-
diff --git a/Broken Access Control/hard/wierd-securitatis/dockerfile b/Broken Access Control/hard/wierd-securitatis/dockerfile
deleted file mode 100644
index 49d78ef..0000000
--- a/Broken Access Control/hard/wierd-securitatis/dockerfile
+++ /dev/null
@@ -1,27 +0,0 @@
-
-# Stage 1: Build Node.js application
-FROM node:18 AS node_build
-
-# Set the working directory
-WORKDIR /app
-
-# Copy the Node.js application files
-COPY package*.json ./
-
-# Install dependencies
-RUN npm install
-
-# Copy the application code
-COPY . .
-
-# Build the Node.js application
-# RUN npm run build
-
-
-# Set the working directory for the Node.js application
-WORKDIR /app
-
-RUN node initDB.js
-EXPOSE 3555
-# Run the Node.js application
-CMD ["node", "index.js"]
diff --git a/Insecure Design/easy/.env b/Insecure Design/easy/.env
new file mode 100644
index 0000000..5965ead
--- /dev/null
+++ b/Insecure Design/easy/.env
@@ -0,0 +1,4 @@
+PORT = 2915
+
+# Docker
+COMPOSE_PROJECT_NAME = challenges2023owasp10-insecure-design-easy
\ No newline at end of file
diff --git a/Insecure Design/easy/Dockerfile b/Insecure Design/easy/Dockerfile
new file mode 100644
index 0000000..998492d
--- /dev/null
+++ b/Insecure Design/easy/Dockerfile
@@ -0,0 +1,3 @@
+FROM httpd:latest
+
+COPY ./index.html /usr/local/apache2/htdocs/index.html
\ No newline at end of file
diff --git a/Insecure Design/easy/compose.yaml b/Insecure Design/easy/compose.yaml
new file mode 100644
index 0000000..1a3ea97
--- /dev/null
+++ b/Insecure Design/easy/compose.yaml
@@ -0,0 +1,6 @@
+services:
+ app:
+ build: .
+ ports:
+ - ${PORT}:80
+
From 97d60a57b6999a968c362241078b2b4c960e9e2e Mon Sep 17 00:00:00 2001
From: adikpb <67222969+adikpb@users.noreply.github.com>
Date: Sat, 18 Nov 2023 02:18:49 +0530
Subject: [PATCH 02/10] - Fix Merge Issues
---
Broken Access Control/hard/wierd-securitatis/Dockerfile | 9 +++++++++
1 file changed, 9 insertions(+)
create mode 100644 Broken Access Control/hard/wierd-securitatis/Dockerfile
diff --git a/Broken Access Control/hard/wierd-securitatis/Dockerfile b/Broken Access Control/hard/wierd-securitatis/Dockerfile
new file mode 100644
index 0000000..6fa55ac
--- /dev/null
+++ b/Broken Access Control/hard/wierd-securitatis/Dockerfile
@@ -0,0 +1,9 @@
+FROM node:slim
+WORKDIR /wierd-securitatis
+
+COPY package*.json ./
+RUN npm install
+
+COPY . .
+RUN node initDB.js
+CMD [ "node", "index.js" ]
From 99a30449d7e6f7a5f204af6ead21e669dfa9508c Mon Sep 17 00:00:00 2001
From: adikpb <67222969+adikpb@users.noreply.github.com>
Date: Sat, 18 Nov 2023 02:49:21 +0530
Subject: [PATCH 03/10] Docker - Identification And Authentication Failures - Easy - Identification And Authentication Failures - Hard
---
.../easy/.env | 4 ++++
.../easy/Dockerfile | 3 +++
.../easy/compose.yaml | 6 ++++++
.../hard/.env | 4 ++++
.../hard/Dockerfile | 5 +++++
.../hard/compose.yaml | 6 ++++++
Insecure Design/easy/Dockerfile | 2 +-
7 files changed, 29 insertions(+), 1 deletion(-)
create mode 100644 Identification and Authentication Failures (Broken Authentication)/easy/.env
create mode 100644 Identification and Authentication Failures (Broken Authentication)/easy/Dockerfile
create mode 100644 Identification and Authentication Failures (Broken Authentication)/easy/compose.yaml
create mode 100644 Identification and Authentication Failures (Broken Authentication)/hard/.env
create mode 100644 Identification and Authentication Failures (Broken Authentication)/hard/Dockerfile
create mode 100644 Identification and Authentication Failures (Broken Authentication)/hard/compose.yaml
diff --git a/Identification and Authentication Failures (Broken Authentication)/easy/.env b/Identification and Authentication Failures (Broken Authentication)/easy/.env
new file mode 100644
index 0000000..8ab0ef5
--- /dev/null
+++ b/Identification and Authentication Failures (Broken Authentication)/easy/.env
@@ -0,0 +1,4 @@
+PORT = 2279
+
+# Docker
+COMPOSE_PROJECT_NAME = challenges2023owasp10-identification-and-authentication-failures-easy
\ No newline at end of file
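Review bot: The recreated `Broken Access Control/hard/wierd-securitatis/Dockerfile` builds from the floating tag `node:slim` and installs with `npm install`, so two builds of the same commit can ship different Node and dependency versions; pin the base to a specific release (ideally by digest) and, if a `package-lock.json` is committed, use `RUN npm ci`. No `USER` is set, so `initDB.js` and the server both run as root; the official Node image provides a `node` user, and `USER node` before `CMD` would drop that, provided whatever `initDB.js` writes stays writable for it (not visible here). The `EXPOSE 3555` line from the deleted file was not carried over, although the Kubernetes manifest added in PATCH 06 still targets port 3555. The same `node:slim` / `npm install` pattern is introduced in both Injection Dockerfiles in PATCH 04, which move away from the pinned `node:18`.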
diff --git a/Identification and Authentication Failures (Broken Authentication)/easy/Dockerfile b/Identification and Authentication Failures (Broken Authentication)/easy/Dockerfile
new file mode 100644
index 0000000..3f3593f
--- /dev/null
+++ b/Identification and Authentication Failures (Broken Authentication)/easy/Dockerfile
@@ -0,0 +1,3 @@
+FROM php:apache
+
+COPY . /var/www/html
\ No newline at end of file
diff --git a/Identification and Authentication Failures (Broken Authentication)/easy/compose.yaml b/Identification and Authentication Failures (Broken Authentication)/easy/compose.yaml
new file mode 100644
index 0000000..1a3ea97
--- /dev/null
+++ b/Identification and Authentication Failures (Broken Authentication)/easy/compose.yaml
@@ -0,0 +1,6 @@
+services:
+ app:
+ build: .
+ ports:
+ - ${PORT}:80
+
diff --git a/Identification and Authentication Failures (Broken Authentication)/hard/.env b/Identification and Authentication Failures (Broken Authentication)/hard/.env
new file mode 100644
index 0000000..e1aa1ca
--- /dev/null
+++ b/Identification and Authentication Failures (Broken Authentication)/hard/.env
@@ -0,0 +1,4 @@
+PORT = 2280
+
+# Docker
+COMPOSE_PROJECT_NAME = challenges2023owasp10-identification-and-authentication-failures-hard
\ No newline at end of file
diff --git a/Identification and Authentication Failures (Broken Authentication)/hard/Dockerfile b/Identification and Authentication Failures (Broken Authentication)/hard/Dockerfile
new file mode 100644
index 0000000..fdbd059
--- /dev/null
+++ b/Identification and Authentication Failures (Broken Authentication)/hard/Dockerfile
@@ -0,0 +1,5 @@
+FROM php:apache
+
+ARG src="./4uth Xrack Que\$t/"
+ARG dest="/var/www/html/"
+COPY ${src} ${dest}
\ No newline at end of file
diff --git a/Identification and Authentication Failures (Broken Authentication)/hard/compose.yaml b/Identification and Authentication Failures (Broken Authentication)/hard/compose.yaml
new file mode 100644
index 0000000..1a3ea97
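Review bot: `COPY . /var/www/html` in the easy Dockerfile places the entire build context in Apache's document root, including the `.env`, `Dockerfile` and `compose.yaml` added beside it in this patch, so those files are likely to be retrievable over HTTP. The `.env` holds only a port and a project name today, but the pattern turns into a leak as soon as a secret is added; a `.dockerignore` listing `.env`, `Dockerfile`, `compose.yaml` and `.git`, or copying only the application directory as the hard variant does, closes it. `FROM php:apache` is an unpinned tag in both files, so rebuilds can change PHP versions silently. The Security Logging and Monitoring Dockerfiles in PATCH 05 (`COPY ./ /usr/local/apache2/htdocs/`) repeat the same whole-context copy.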
--- /dev/null +++ b/Identification and Authentication Failures (Broken Authentication)/hard/compose.yaml @@ -0,0 +1,6 @@ +services: + app: + build: . + ports: + - ${PORT}:80 + diff --git a/Insecure Design/easy/Dockerfile b/Insecure Design/easy/Dockerfile index 998492d..0fc6254 100644 --- a/Insecure Design/easy/Dockerfile +++ b/Insecure Design/easy/Dockerfile @@ -1,3 +1,3 @@ -FROM httpd:latest +FROM httpd:apline COPY ./index.html /usr/local/apache2/htdocs/index.html \ No newline at end of file From aa7d4bde30994effa251f2495a58ae0fd1b047fc Mon Sep 17 00:00:00 2001 From: adikpb <67222969+adikpb@users.noreply.github.com> Date: Sat, 18 Nov 2023 04:22:32 +0530 Subject: [PATCH 04/10] Docker - Injection - Easy - Injection - Hard - Minor changes to docker file of Insecure Design, Broken Access Control --- .../hard/wierd-securitatis/Dockerfile | 2 +- Injection (Cross-Site Scripting (XSS))/easy/.env | 6 ++++++ .../easy/Dockerfile | 8 +++++--- .../easy/compose.yaml | 6 ++++++ Injection (Cross-Site Scripting (XSS))/hard/.env | 10 ++++++++++ .../hard/Dockerfile | 8 +++++--- .../hard/compose.yaml | 13 +++++++++++++ Insecure Design/easy/Dockerfile | 3 ++- Insecure Design/hard/et_tu/Dockerfile | 3 +-- 9 files changed, 49 insertions(+), 10 deletions(-) create mode 100644 Injection (Cross-Site Scripting (XSS))/easy/.env create mode 100644 Injection (Cross-Site Scripting (XSS))/easy/compose.yaml create mode 100644 Injection (Cross-Site Scripting (XSS))/hard/.env create mode 100644 Injection (Cross-Site Scripting (XSS))/hard/compose.yaml diff --git a/Broken Access Control/hard/wierd-securitatis/Dockerfile b/Broken Access Control/hard/wierd-securitatis/Dockerfile index 6fa55ac..0d9ba00 100644 --- a/Broken Access Control/hard/wierd-securitatis/Dockerfile +++ b/Broken Access Control/hard/wierd-securitatis/Dockerfile @@ -1,5 +1,5 @@ FROM node:slim -WORKDIR /wierd-securitatis +WORKDIR /app COPY package*.json ./ RUN npm install 
diff --git a/Injection (Cross-Site Scripting (XSS))/easy/.env b/Injection (Cross-Site Scripting (XSS))/easy/.env new file mode 100644 index 0000000..f15d463 --- /dev/null +++ b/Injection (Cross-Site Scripting (XSS))/easy/.env @@ -0,0 +1,6 @@ +PORT = 3000 +COOKIE_KEY = "SECRET" +FLAG = "NULL{C3rul3anSuns3t}" + +# Docker +COMPOSE_PROJECT_NAME = challenges2023owasp10-injection-easy \ No newline at end of file diff --git a/Injection (Cross-Site Scripting (XSS))/easy/Dockerfile b/Injection (Cross-Site Scripting (XSS))/easy/Dockerfile index 4d243ac..418cd6c 100644 --- a/Injection (Cross-Site Scripting (XSS))/easy/Dockerfile +++ b/Injection (Cross-Site Scripting (XSS))/easy/Dockerfile @@ -1,6 +1,8 @@ -FROM node:18 +FROM node:slim WORKDIR /app -COPY package*.json . -RUN npm install + +COPY package*.json ./ +RUN npm install + COPY . . CMD [ "node", "index.js" ] \ No newline at end of file diff --git a/Injection (Cross-Site Scripting (XSS))/easy/compose.yaml b/Injection (Cross-Site Scripting (XSS))/easy/compose.yaml new file mode 100644 index 0000000..468bea5 --- /dev/null +++ b/Injection (Cross-Site Scripting (XSS))/easy/compose.yaml @@ -0,0 +1,6 @@ +services: + app: + build: . + ports: + - ${PORT}:${PORT} + diff --git a/Injection (Cross-Site Scripting (XSS))/hard/.env b/Injection (Cross-Site Scripting (XSS))/hard/.env new file mode 100644 index 0000000..2f1eff8 --- /dev/null +++ b/Injection (Cross-Site Scripting (XSS))/hard/.env @@ -0,0 +1,10 @@ +PORT = 3001 +COOKIE_KEY = "secret" +BOT_USERNAME = "hi" +BOT_PASSWORD = 123 +FLAG = "NULL{R0ogue3lephan1}" +BOT_AUTH = "1234567890" +DB_URI = "mongodb://localhost:27017" + +# Docker +COMPOSE_PROJECT_NAME = challenges2023owasp10-injection-hard \ No newline at end of file diff --git a/Injection (Cross-Site Scripting (XSS))/hard/Dockerfile b/Injection (Cross-Site Scripting (XSS))/hard/Dockerfile index 5bbbc9b..2686aa4 100644 --- a/Injection (Cross-Site Scripting (XSS))/hard/Dockerfile 
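Review bot: `COOKIE_KEY` and `FLAG`, and in the hard variant also `BOT_USERNAME`, `BOT_PASSWORD` and `BOT_AUTH`, are committed in plain text in these `.env` files, and the `COPY . .` in the matching Dockerfiles copies them into an image layer where anyone who can pull the image can read them. A flag may be deliberate for a CTF, but a cookie-signing key of `"SECRET"` and fixed bot credentials should differ per deployment unless they are part of the exercise; keep a `.env.example` with placeholder values in git, list `.env` in `.gitignore` and `.dockerignore`, and supply real values at run time through `env_file:` or `environment:` in `compose.yaml`. Compose reads `.env` here only to substitute `${PORT}`; nothing visible passes the other variables into the container, so the app presumably depends on the copied file, which should be confirmed before excluding it.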
+++ b/Injection (Cross-Site Scripting (XSS))/hard/Dockerfile @@ -1,6 +1,8 @@ -FROM node:18 +FROM node:slim WORKDIR /app -COPY package*.json . -RUN npm install + +COPY package*.json ./ +RUN npm install + COPY . . CMD [ "node", "index.js", "&&", "node", "puppeteerBot.js" ] \ No newline at end of file diff --git a/Injection (Cross-Site Scripting (XSS))/hard/compose.yaml b/Injection (Cross-Site Scripting (XSS))/hard/compose.yaml new file mode 100644 index 0000000..6f7221f --- /dev/null +++ b/Injection (Cross-Site Scripting (XSS))/hard/compose.yaml @@ -0,0 +1,13 @@ +services: + db: + image: mongo:latest + restart: always + app: + build: . + ports: + - ${PORT}:${PORT} + depends_on: + db: + condition: service_started + environment: + DB_URI: mongodb://db:27017 diff --git a/Insecure Design/easy/Dockerfile b/Insecure Design/easy/Dockerfile index 0fc6254..5e254d6 100644 --- a/Insecure Design/easy/Dockerfile +++ b/Insecure Design/easy/Dockerfile @@ -1,3 +1,4 @@ -FROM httpd:apline +FROM httpd:alpine +WORKDIR /app COPY ./index.html /usr/local/apache2/htdocs/index.html \ No newline at end of file diff --git a/Insecure Design/hard/et_tu/Dockerfile b/Insecure Design/hard/et_tu/Dockerfile index 1408c82..3fe4d49 100644 --- a/Insecure Design/hard/et_tu/Dockerfile +++ b/Insecure Design/hard/et_tu/Dockerfile @@ -1,6 +1,5 @@ FROM python:3.10-slim-buster - -WORKDIR /et_tu +WORKDIR /app COPY requirements.txt ./ RUN pip install --no-cache-dir -r requirements.txt From 884f9dc2099547baca0a5eaf24a21fda7ee2a293 Mon Sep 17 00:00:00 2001 
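Review bot: The unchanged `CMD [ "node", "index.js", "&&", "node", "puppeteerBot.js" ]` line in the hard Injection Dockerfile is exec form, so no shell interprets `&&`: Node starts `index.js` with `&&`, `node` and `puppeteerBot.js` as plain arguments and the bot never runs. Even under a shell, `a && b` would start the bot only after the server exits. Running the bot as its own Compose service built from the same image, with `command: ["node", "puppeteerBot.js"]`, keeps one process per container and lets each restart independently. Separately, `node:slim` may lack the shared libraries a headless browser needs, so the switch from `node:18` should be tested with the bot actually running.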
From: adikpb <67222969+adikpb@users.noreply.github.com> Date: Sat, 18 Nov 2023 11:47:01 +0530 Subject: [PATCH 05/10] Docker - Security Logging and Monitoring Failures --- .../easy/.env | 4 + .../easy/Dockerfile | 4 + .../easy/compose.yaml | 6 + .../easy/index.html | 22 +-- .../easy/index.php | 160 ------------------ .../hard/.env | 4 + .../hard/Dockerfile | 4 + .../hard/compose.yaml | 6 + .../hard/index.html | 24 +-- .../hard/index.php | 160 ------------------ .../hard/script.js | 20 +++ 11 files changed, 50 insertions(+), 364 deletions(-) create mode 100644 Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/easy/.env create mode 100644 Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/easy/Dockerfile create mode 100644 Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/easy/compose.yaml delete mode 100644 Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/easy/index.php create mode 100644 Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/hard/.env create mode 100644 Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/hard/Dockerfile create mode 100644 Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/hard/compose.yaml delete mode 100644 Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/hard/index.php create mode 100644 Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/hard/script.js diff --git a/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/easy/.env b/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/easy/.env new file mode 100644 index 0000000..bd5e72e --- /dev/null +++ b/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/easy/.env 
@@ -0,0 +1,4 @@ +PORT = 3124 + +# Docker +COMPOSE_PROJECT_NAME = challenges2023owasp10-security-logging-and-monitoring-failures-easy \ No newline at end of file diff --git a/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/easy/Dockerfile b/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/easy/Dockerfile new file mode 100644 index 0000000..6a83a1d --- /dev/null +++ b/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/easy/Dockerfile @@ -0,0 +1,4 @@ +FROM httpd:alpine +WORKDIR /app + +COPY ./ /usr/local/apache2/htdocs/ \ No newline at end of file diff --git a/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/easy/compose.yaml b/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/easy/compose.yaml new file mode 100644 index 0000000..1a3ea97 --- /dev/null +++ b/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/easy/compose.yaml @@ -0,0 +1,6 @@ +services: + app: + build: . + ports: + - ${PORT}:80 + diff --git a/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/easy/index.html b/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/easy/index.html index 56855dd..f3949d9 100644 --- a/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/easy/index.html +++ b/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/easy/index.html @@ -92,26 +92,6 @@

Find IP of Attacker?

- + diff --git a/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/easy/index.php b/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/easy/index.php deleted file mode 100644 index a1be1ac..0000000 --- a/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/easy/index.php +++ /dev/null @@ -1,160 +0,0 @@ - - - - Security Logging and Monitoring Failures Logs - - - - -

Security Logging and Monitoring Failures Challenge

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
StatusIP AddressUserDate/TimeEndpoint
200 OK16.54.21.88azkab2023-10-18T09:21:17/login
200 OK24.56.23.11voldemort2023-10-18T10:19:22/login
200 OK18.34.10.38hary2023-10-18T11:11:44/login
200 OK95.18.43.20eric2023-10-18T11:55:51/login
200 OK57.34.22.10Ron2023-10-18T13:08:59/login
200 OK24.55.11.14Albus2023-10-21T16:08:15/login
401 Unauthorised50.96.12.14admin2023-10-21T21:08:15/login
401 Unauthorised50.96.12.14administrator2023-10-21T21:08:20/login
401 Unauthorised50.96.12.14anonymous2023-10-21T21:08:25/login
401 Unauthorised50.96.12.14root2023-10-21T21:08:30/login
- -

Find Attack Performed?

-
- - -
- - - diff --git a/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/hard/.env b/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/hard/.env new file mode 100644 index 0000000..b92125a --- /dev/null +++ b/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/hard/.env @@ -0,0 +1,4 @@ +PORT = 3125 + +# Docker +COMPOSE_PROJECT_NAME = challenges2023owasp10-security-logging-and-monitoring-failures-hard \ No newline at end of file diff --git a/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/hard/Dockerfile b/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/hard/Dockerfile new file mode 100644 index 0000000..6a83a1d --- /dev/null +++ b/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/hard/Dockerfile @@ -0,0 +1,4 @@ +FROM httpd:alpine +WORKDIR /app + +COPY ./ /usr/local/apache2/htdocs/ \ No newline at end of file diff --git a/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/hard/compose.yaml b/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/hard/compose.yaml new file mode 100644 index 0000000..1a3ea97 --- /dev/null +++ b/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/hard/compose.yaml @@ -0,0 +1,6 @@ +services: + app: + build: . + ports: + - ${PORT}:80 + diff --git a/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/hard/index.html b/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/hard/index.html index 2c7631e..12a951e 100644 --- a/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/hard/index.html +++ b/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/hard/index.html @@ -92,28 +92,6 @@

Find Attack Performed?

- + diff --git a/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/hard/index.php b/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/hard/index.php deleted file mode 100644 index 594d95e..0000000 --- a/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/hard/index.php +++ /dev/null @@ -1,160 +0,0 @@ - - - - Security Logging and Monitoring Failures Logs - - - - -

Security Logging and Monitoring Failures Challenge

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
StatusIP AddressUserDate/TimeEndpoint
200 OK16.54.21.88azkab2023-10-18T09:21:17/login
200 OK24.56.23.11voldemort2023-10-18T10:19:22/login
200 OK18.34.10.38hary2023-10-18T11:11:44/login
200 OK95.18.43.20eric2023-10-18T11:55:51/login
200 OK57.34.22.10Ron2023-10-18T13:08:59/login
200 OK24.55.11.14Albus2023-10-21T16:08:15/login
401 Unauthorised50.96.12.14admin2023-10-21T21:08:15/login
401 Unauthorised50.96.12.14administrator2023-10-21T21:08:20/login
401 Unauthorised50.96.12.14anonymous2023-10-21T21:08:25/login
401 Unauthorised50.96.12.14root2023-10-21T21:08:30/login
- -

Find Attack Performed?

-
- - -
- - - diff --git a/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/hard/script.js b/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/hard/script.js new file mode 100644 index 0000000..7ba52bd --- /dev/null +++ b/Security Logging and Monitoring Failures (Insufficient Logging and Monitoring)/hard/script.js @@ -0,0 +1,20 @@ +document.getElementById('checkButton').addEventListener('click', function() { + // Get the value entered by the user + var userKey = document.getElementById('keyInput').value; + + // Define the correct key + var correctKey = "Brute Force"; + + // Check if the entered key matches the correct key + if (userKey === correctKey) { + // If the keys match, display an alert with the message + alert("NULL{L@K&E#}"); + } else { + // If the keys do not match, display an error message + alert("IP is incorrect. Please try again."); + } +}); + +document.addEventListener('contextmenu', function(e) { +e.preventDefault(); +}); \ No newline at end of file From 62cfa07ef4598f10fb2e03391467bea04ddb5829 Mon Sep 17 00:00:00 2001 From: Sai Sanjay Kottakota <97831658+sanjay7178@users.noreply.github.com> Date: Sat, 18 Nov 2023 07:17:10 +0000 Subject: [PATCH 06/10] added docker conf for voc-hard --- .../hard/wierd-securitatis/bac-hard.yaml | 48 +++++++++++++++++++ .../hard/Dockerfile | 4 ++ 2 files changed, 52 insertions(+) create mode 100644 Broken Access Control/hard/wierd-securitatis/bac-hard.yaml create mode 100644 Vulnerable and Outdated Components (Using Components & Known Vulnerabilites)/hard/Dockerfile diff --git a/Broken Access Control/hard/wierd-securitatis/bac-hard.yaml b/Broken Access Control/hard/wierd-securitatis/bac-hard.yaml new file mode 100644 index 0000000..f5183e2 --- /dev/null +++ b/Broken Access Control/hard/wierd-securitatis/bac-hard.yaml 
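Review bot: The expected answer (`correctKey`) and the flag passed to `alert()` are both string literals in `script.js`, which the web server hands to every visitor, so the check is enforced only by the client; the `contextmenu` handler does not change that, because the script can be requested directly. If the flag is meant to be earned, the comparison belongs on a server endpoint that returns the flag only for a correct submission. The failure text also says `IP is incorrect` although this page asks which attack was performed; `alert("Answer is incorrect. Please try again.");` would match the question.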
@@ -0,0 +1,48 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: my-ingress
+spec:
+ rules:
+ - host: chall.nullvitap.tech
+ http:
+ paths:
+ - path: /bac-hard
+ pathType: Prefix
+ backend:
+ service:
+ name: bac-hard-service
+ port:
+ number: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: bac-hard-service
+spec:
+ selector:
+ app: bac-hard
+ ports:
+ - name: http
+ port: 80
+ targetPort: 3555
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: bac-hard-deployment
+spec:
+ replicas: 1 # Set the desired number of replicas for Docker 1
+ selector:
+ matchLabels:
+ app: bac-hard
+ template:
+ metadata:
+ labels:
+ app: bac-hard
+ spec:
+ containers:
+ - name: docker1-container
+ image: sanjay7178/hu-chall-23:bac-hard
+ ports:
+ - containerPort: 3555
diff --git a/Vulnerable and Outdated Components (Using Components & Known Vulnerabilites)/hard/Dockerfile b/Vulnerable and Outdated Components (Using Components & Known Vulnerabilites)/hard/Dockerfile
new file mode 100644
index 0000000..c66c5df
--- /dev/null
+++ b/Vulnerable and Outdated Components (Using Components & Known Vulnerabilites)/hard/Dockerfile
@@ -0,0 +1,4 @@
+FROM openjdk:11
+WORKDIR /app
+COPY ./ ./
+CMD java -jar ./package/package/target/king-of-pop-1.0-SNAPSHOT.jar
From 9bd515e2a58e20ec21bf5847e39b4cb03794a1f9 Mon Sep 17 00:00:00 2001
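Review bot: The `docker1-container` spec in `bac-hard-deployment` sets neither `securityContext` nor `resources`, so a deliberately vulnerable app runs with the image's default user and with unbounded CPU and memory behind the Ingress. Adding `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` under a container `securityContext`, plus a `resources.limits` block, would contain a compromised pod; `runAsNonRoot: true` becomes possible once the image defines a non-root user. `image: sanjay7178/hu-chall-23:bac-hard` is a mutable tag, so a digest pin would make sure the cluster runs the build that was reviewed. The Ingress has no `tls:` section and forwards `/bac-hard` with the prefix intact; whether the app serves under that prefix cannot be seen from this patch.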
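Review bot: `CMD java -jar ./package/package/target/king-of-pop-1.0-SNAPSHOT.jar` is shell form, so the JVM runs as a child of `/bin/sh -c` and may not receive the stop signal from `docker stop`; the exec form `CMD ["java", "-jar", "./package/package/target/king-of-pop-1.0-SNAPSHOT.jar"]` avoids that. `COPY ./ ./` copies the whole context and relies on the jar under `package/package/target/` having been built on the host already, which the file neither checks nor documents. No `USER` is set, so the service runs as root. If the `openjdk:11` base is intentional for a Vulnerable and Outdated Components challenge, a comment should say so, because the `openjdk` official image has been deprecated and would otherwise look like an oversight.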
From: adikpb <67222969+adikpb@users.noreply.github.com>
Date: Sat, 18 Nov 2023 12:50:27 +0530
Subject: [PATCH 07/10] Docker - Security Misconfiguration Template
---
.../easy/.env | 4 ++++
.../easy/Dockerfile | 4 ++++
.../easy/compose.yaml | 6 ++++++
.../hard/.env | 4 ++++
.../hard/Dockerfile | 4 ++++
.../hard/compose.yaml | 6 ++++++
6 files changed, 28 insertions(+)
create mode 100644 Security Misconfiguration (XML External Entity (XXE))/easy/.env
create mode 100644 Security Misconfiguration (XML External Entity (XXE))/easy/Dockerfile
create mode 100644 Security Misconfiguration (XML External Entity (XXE))/easy/compose.yaml
create mode 100644 Security Misconfiguration (XML External Entity (XXE))/hard/.env
create mode 100644 Security Misconfiguration (XML External Entity (XXE))/hard/Dockerfile
create mode 100644 Security Misconfiguration (XML External Entity (XXE))/hard/compose.yaml
diff --git a/Security Misconfiguration (XML External Entity (XXE))/easy/.env b/Security Misconfiguration (XML External Entity (XXE))/easy/.env
new file mode 100644
index 0000000..edc3bea
--- /dev/null
+++ b/Security Misconfiguration (XML External Entity (XXE))/easy/.env
@@ -0,0 +1,4 @@
+PORT = 4359
+
+# Docker
+COMPOSE_PROJECT_NAME = challenges2023owasp10-security-misconfiguration-easy
\ No newline at end of file
diff --git a/Security Misconfiguration (XML External Entity (XXE))/easy/Dockerfile b/Security Misconfiguration (XML External Entity (XXE))/easy/Dockerfile
new file mode 100644
index 0000000..1f85c0a
--- /dev/null
+++ b/Security Misconfiguration (XML External Entity (XXE))/easy/Dockerfile
@@ -0,0 +1,4 @@
+FROM php:cli
+
+COPY . /var/www/html/
+RUN
\ No newline at end of file
diff --git a/Security Misconfiguration (XML External Entity (XXE))/easy/compose.yaml b/Security Misconfiguration (XML External Entity (XXE))/easy/compose.yaml
new file mode 100644
index 0000000..1a3ea97
--- /dev/null
+++ b/Security Misconfiguration (XML External Entity (XXE))/easy/compose.yaml
@@ -0,0 +1,6 @@
+services:
+ app:
+ build: .
+ ports:
+ - ${PORT}:80
+
diff --git a/Security Misconfiguration (XML External Entity (XXE))/hard/.env b/Security Misconfiguration (XML External Entity (XXE))/hard/.env
new file mode 100644
index 0000000..c012456
--- /dev/null
+++ b/Security Misconfiguration (XML External Entity (XXE))/hard/.env
@@ -0,0 +1,4 @@
+PORT = 4360
+
+# Docker
+COMPOSE_PROJECT_NAME = challenges2023owasp10-security-misconfiguration-hard
\ No newline at end of file
diff --git a/Security Misconfiguration (XML External Entity (XXE))/hard/Dockerfile b/Security Misconfiguration (XML External Entity (XXE))/hard/Dockerfile
new file mode 100644
index 0000000..d5fa530
--- /dev/null
+++ b/Security Misconfiguration (XML External Entity (XXE))/hard/Dockerfile
@@ -0,0 +1,4 @@
+FROM php:apache
+
+RUN sudo apt install php-xml
+COPY . /var/www/html
\ No newline at end of file
diff --git a/Security Misconfiguration (XML External Entity (XXE))/hard/compose.yaml b/Security Misconfiguration (XML External Entity (XXE))/hard/compose.yaml
new file mode 100644
index 0000000..1a3ea97
--- /dev/null
+++ b/Security Misconfiguration (XML External Entity (XXE))/hard/compose.yaml
@@ -0,0 +1,6 @@
+services:
+ app:
+ build: .
+ ports:
+ - ${PORT}:80
+
From 010c4343742e6835d9c42e82053e74b39ec086b4 Mon Sep 17 00:00:00 2001
From: Sai Sanjay Kottakota <97831658+sanjay7178@users.noreply.github.com>
Date: Sat, 18 Nov 2023 07:33:16 +0000
Subject: [PATCH 08/10] docker conf for sm-hard and sm-easy
---
.../easy/Dockerfile | 9 +++++++--
.../hard/Dockerfile | 11 ++++++++---
2 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/Security Misconfiguration (XML External Entity (XXE))/easy/Dockerfile b/Security Misconfiguration (XML External Entity (XXE))/easy/Dockerfile
index 1f85c0a..8f8bdc1 100644
--- a/Security Misconfiguration (XML External Entity (XXE))/easy/Dockerfile
+++ b/Security Misconfiguration (XML External Entity (XXE))/easy/Dockerfile
@@ -1,4 +1,9 @@ FROM php:cli -COPY . /var/www/html/ -RUN \ No newline at end of file +COPY . ./app + +WORKDIR ./app + +EXPOSE 8005 + +ENTRYPOINT ["php", "-S", "localhost:8004"] \ No newline at end of file diff --git a/Security Misconfiguration (XML External Entity (XXE))/hard/Dockerfile b/Security Misconfiguration (XML External Entity (XXE))/hard/Dockerfile index d5fa530..caf16df 100644 --- a/Security Misconfiguration (XML External Entity (XXE))/hard/Dockerfile +++ b/Security Misconfiguration (XML External Entity (XXE))/hard/Dockerfile @@ -1,4 +1,9 @@ -FROM php:apache +FROM php:cli -RUN sudo apt install php-xml -COPY . /var/www/html \ No newline at end of file +COPY . ./app + +WORKDIR ./app + +EXPOSE 8005 + +ENTRYPOINT ["php", "-S", "localhost:8005"] \ No newline at end of file From 1c53be24c8dbbfd1b51181b4b7c1132a4192e267 Mon Sep 17 00:00:00 2001 From: Sai Sanjay Kottakota <97831658+sanjay7178@users.noreply.github.com> Date: Sat, 18 Nov 2023 07:35:32 +0000 Subject: [PATCH 09/10] added new docker conf --- .../easy/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Security Misconfiguration (XML External Entity (XXE))/easy/Dockerfile b/Security Misconfiguration (XML External Entity (XXE))/easy/Dockerfile index 8f8bdc1..687cecc 100644 --- a/Security Misconfiguration (XML External Entity (XXE))/easy/Dockerfile +++ b/Security Misconfiguration (XML External Entity (XXE))/easy/Dockerfile @@ -4,6 +4,6 @@ COPY . ./app WORKDIR ./app -EXPOSE 8005 +EXPOSE 8004 ENTRYPOINT ["php", "-S", "localhost:8004"] \ No newline at end of file From 35180c2411fd0287e1d97abcbc75264f478ab6c7 Mon Sep 17 00:00:00 2001 From: Sai Sanjay Kottakota <97831658+sanjay7178@users.noreply.github.com> Date: Sat, 18 Nov 2023 08:02:15 +0000 Subject: [PATCH 10/10] docker conf added --- .../easy/Dockerfile | 18 +++++++++++++----- .../hard/Dockerfile | 19 ++++++++++++++----- 2 files changed, 27 insertions(+), 10 deletions(-) 
diff --git a/Security Misconfiguration (XML External Entity (XXE))/easy/Dockerfile b/Security Misconfiguration (XML External Entity (XXE))/easy/Dockerfile index 687cecc..9cc2efe 100644 --- a/Security Misconfiguration (XML External Entity (XXE))/easy/Dockerfile +++ b/Security Misconfiguration (XML External Entity (XXE))/easy/Dockerfile @@ -1,9 +1,17 @@ -FROM php:cli +# Use Alpine Linux with PHP 7.4 +FROM php:7.4-alpine -COPY . ./app +# Install necessary packages for XML support +RUN apk --update add libxml2 libxml2-dev && \ + apk add php-xml -WORKDIR ./app +# Set the working directory to /app +WORKDIR /app -EXPOSE 8004 +# Copy the current directory contents into the container at /app +COPY . /app -ENTRYPOINT ["php", "-S", "localhost:8004"] \ No newline at end of file +# Expose port 80 to the outside world +EXPOSE 80 +# Define the command to run your PHP script using the built-in server +CMD ["php", "-S", "0.0.0.0:80"] diff --git a/Security Misconfiguration (XML External Entity (XXE))/hard/Dockerfile b/Security Misconfiguration (XML External Entity (XXE))/hard/Dockerfile index caf16df..f9c4bb1 100644 --- a/Security Misconfiguration (XML External Entity (XXE))/hard/Dockerfile +++ b/Security Misconfiguration (XML External Entity (XXE))/hard/Dockerfile @@ -1,9 +1,18 @@ -FROM php:cli +# Use Alpine Linux with PHP 7.4 +FROM php:7.4-alpine -COPY . ./app +# Install necessary packages for XML support +RUN apk --update add libxml2 libxml2-dev && \ + apk add php-xml -WORKDIR ./app +# Set the working directory to /app +WORKDIR /app -EXPOSE 8005 +# Copy the current directory contents into the container at /app +COPY . /app -ENTRYPOINT ["php", "-S", "localhost:8005"] \ No newline at end of file +# Expose port 80 to the outside world +EXPOSE 80 + +# Define the command to run your PHP script using the built-in server +CMD ["php", "-S", "0.0.0.0:80" ]
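Review bot: `apk add php-xml` in the `RUN` step of both the easy and hard Dockerfiles installs, if the package name resolves at all, an extension for Alpine's own PHP packages rather than for the PHP under `/usr/local` that the official `php` image runs; that image adds extensions with `docker-php-ext-install`, and its XML extensions are, as far as I know, compiled in already, so the step can probably be dropped after checking `php -m`. If packages are still needed, `apk add --no-cache` keeps the package index out of the layer. `COPY . /app` followed by `php -S 0.0.0.0:80` from `/app` makes the whole build context, including `.env`, `Dockerfile` and `compose.yaml`, part of the served document root, and with no `USER` the built-in development server runs as root, which widens what a file-read flaw in an XXE exercise can reach inside the container. PHP 7.4 is end-of-life; if that version is required for the challenge, a comment should record why.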