Feature/lab12

.github/pull_request_template.md

@@ -0,0 +1,16 @@
+## Goal
+What is the purpose of this PR?
+
+## Changes
+- 
+
+## Testing
+-
+
+## Artifacts & Screenshots
+- 
+
+### Checklist
+- [ ] Clear PR title
+- [ ] Docs updated if needed
+- [ ] No secrets or large temp files committed

.gitignore

@@ -0,0 +1,7 @@
+labs/lab8/signing/cosign.key
+
+# Lab 10 local clone
+labs/lab10/setup/django-DefectDojo/
+
+# Local certs
+labs/lab11/reverse-proxy/certs/*.key

labs/lab10/imports/import-nuclei-results.json.json

@@ -0,0 +1 @@
+{"minimum_severity":"Info","active":false,"verified":false,"endpoint_to_add":null,"product_type_name":"Engineering","product_name":"Juice Shop","engagement_name":"Labs Security Testing","auto_create_context":true,"deduplication_on_engagement":false,"lead":null,"push_to_jira":false,"api_scan_configuration":null,"create_finding_groups_for_all_findings":true,"test_id":3,"engagement_id":1,"product_id":1,"product_type_id":2,"statistics":{"after":{"info":{"active":1,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":1},"low":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"medium":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"high":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"critical":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"total":{"active":1,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":1}}},"apply_tags_to_findings":false,"apply_tags_to_endpoints":false,"scan_type":"Nuclei Scan","close_old_findings":false,"close_old_findings_product_scope":false,"test":3}

labs/lab10/imports/import-semgrep-results.json.json

@@ -0,0 +1 @@
+{"minimum_severity":"Info","active":false,"verified":false,"endpoint_to_add":null,"product_type_name":"Engineering","product_name":"Juice Shop","engagement_name":"Labs Security Testing","auto_create_context":true,"deduplication_on_engagement":false,"lead":null,"push_to_jira":false,"api_scan_configuration":null,"create_finding_groups_for_all_findings":true,"test_id":2,"engagement_id":1,"product_id":1,"product_type_id":2,"statistics":{"after":{"info":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"low":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"medium":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"high":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"critical":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"total":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0}}},"apply_tags_to_findings":false,"apply_tags_to_endpoints":false,"scan_type":"Semgrep Pro JSON Report","close_old_findings":false,"close_old_findings_product_scope":false,"test":2}

labs/lab10/imports/import-zap-report-noauth.json.json

@@ -0,0 +1 @@
+{"message":"['Internal error: Wrong file format, please use xml.']","pro":["Pro comes with support. Try today for free or email us at hello@defectdojo.com"]}

labs/lab10/report/engagements.csv

@@ -0,0 +1,3 @@
+"","Name","Type","Lead","Date","Length","Tests","Active (Verified / Fixable)","Accepted","All","Duplicates"
+"                                                                                                                              View                                                                                                                                                             Edit                                                                                                                                                           Copy                                                                                                                                                                                                                       Close                                                                                                                                                                                                                                                                                      Add Tests                                                                                                                                                                                                                            Import Scan Results                                                                                                                                                                                                                      View Active Findings                                                                                                                                                          View Active and Verified Findings                                                                                                                                                          View Mitigated Findings                                                                                                                                                                View Accepted Findings                                                                                                                                                                View All Findings                                                                                                                                                                                           Engagement Report                                                                                                                                                                                                                      Delete Engagement","Labs Security Testing","CI/CD","Admin User (admin)","13th April  - 13th April","1 year","3                                                                                                                                                                                                           Recent tests                                                              (last 7 days)                                                                                                                                                                                 ZAP Scan, April 13, 2026, 6:28 p.m.                                                                                                                                                                                     Semgrep Pro JSON Report, April 13, 2026, 6:28 p.m.                                                                                                                                                                                     Nuclei Scan, April 13, 2026, 6:28 p.m.                                                                                                                                                                               View all 3 tests...","1 (0/0)","0","1","0"
+

labs/lab10/report/metrics-snapshot.md

@@ -0,0 +1,11 @@
+# Metrics Snapshot — Lab 10
+
+- Date captured: 2026-04-13
+- Active findings:
+  - Critical: 0
+  - High: 0
+  - Medium: 0
+  - Low: 0
+  - Informational: 1
+- Verified vs. Mitigated notes:
+  Most findings are still active; no mitigation workflow applied in this lab.

labs/lab11/analysis/headers-http.txt

@@ -0,0 +1,15 @@
+HTTP/1.1 308 Permanent Redirect
+Server: nginx
+Date: Mon, 20 Apr 2026 17:10:07 GMT
+Content-Type: text/html
+Content-Length: 164
+Connection: keep-alive
+Location: https://localhost:8443/
+X-Frame-Options: DENY
+X-Content-Type-Options: nosniff
+Referrer-Policy: strict-origin-when-cross-origin
+Permissions-Policy: camera=(), geolocation=(), microphone=()
+Cross-Origin-Opener-Policy: same-origin
+Cross-Origin-Resource-Policy: same-origin
+Content-Security-Policy-Report-Only: default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'
+

labs/lab11/analysis/headers-https.txt

@@ -0,0 +1,21 @@
+HTTP/2 200 
+server: nginx
+date: Mon, 20 Apr 2026 17:10:28 GMT
+content-type: text/html; charset=UTF-8
+content-length: 75002
+feature-policy: payment 'self'
+x-recruiting: /#/jobs
+accept-ranges: bytes
+cache-control: public, max-age=0
+last-modified: Mon, 20 Apr 2026 17:01:07 GMT
+etag: W/"124fa-19dabd6b08c"
+vary: Accept-Encoding
+strict-transport-security: max-age=31536000; includeSubDomains; preload
+x-frame-options: DENY
+x-content-type-options: nosniff
+referrer-policy: strict-origin-when-cross-origin
+permissions-policy: camera=(), geolocation=(), microphone=()
+cross-origin-opener-policy: same-origin
+cross-origin-resource-policy: same-origin
+content-security-policy-report-only: default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'
+

labs/lab11/analysis/rate-limit-test.txt

@@ -0,0 +1,12 @@
+401
+401
+401
+401
+401
+401
+429
+429
+429
+429
+429
+429