Configuration to use OWASP WebGoat while online? [closed]

OWASP WebGoat is a deliberately insecure web application with a set of tutorials on how to hack it (and how to protect your own application). OWASP advises disconnecting from the internet while using it, since it is an insecure application after all, and firewalls might be misconfigured or missing (see the prior question OWASP WebGoat Warning Meaning).

Is there a checklist on how to use WebGoat safely while in a video conference? The first step is presumably to run it in the Docker container. How do I configure that Docker container?

In setting up a VM, does the Bridged or NAT configuration provide more separation security?

I am setting up a few VMs (assume VB w/ Linux). They will all be on the same PC host (assume Linux) and the intent is to have all the VMs handle separate functions (business, personal finance, and fuck off time) and have no connection to each other through the network or otherwise. I want to set them up in a way that creates the best security as far as separation from each other and the host. The host will function only to host the VMs. I would prefer to use one VPN subscription, which has been purchased anonymously. However, if this compromises the separation of these VMs, then I would consider changing the approach.

So, the question here is, given this setup, which method (Bridged or NAT) would work better as far as providing the least amount of leaked information between the VMs/host?

Additional information:

The plan is to set up software firewalls allowing only outgoing connections for the VMs and the host. I am still looking into whether this is the best approach (secure and user-friendly).

Any other board-allowable suggestions would also be appreciated.

Optional/Mandatory Requirement For ‘req’ Command Configuration File Options Missing In OpenSSL v1.1.1g Manual Pages?

The OpenSSL v1.1.1 manual page for the req command’s Configuration File Format options seems to be missing any mention of whether each option is mandatory or optional. The other OpenSSL command manual pages (ca and ts) that support configuration file usage do stipulate whether each configuration file option is mandatory or optional.

Does anyone know which req configuration file options are mandatory and which are optional?

How Is The OpenSSL Configuration File Parsed?

I’m trying to understand how OpenSSL parses its configuration file. In the sample configuration file that is installed with OpenSSL v1.1.1g, it seems to be divided into three main sections – the [ ca ] section, the [ req ] section, and the [ tsa ] section (because of the lines that contain ############# ... that separate these sections). Inside the [ ca ] and [ req ] sections there are key/value pairs whose name is a command option and whose value "links" to another section in the configuration file. A good example is the x509_extensions = usr_cert key/value pair in the [ ca ] section.

I am under the impression that the OpenSSL config file is processed by the OpenSSL parser starting at the first line of the file and processing each following line in turn (please correct me if that’s not the case). Therefore, I would expect the [ ca ] section’s x509_extensions = usr_cert to be linked to a section of the config file that occurs inside the [ ca ] section. But it doesn’t – it links to the [ usr_cert ] section that occurs inside the [ req ] section, which is outside the [ ca ] section.

So, what’s happening when the OpenSSL parser processes the configuration file? Is my visual perception of inside and outside wrong when I read the configuration file? Does the parser "call" the linked section, process its key/value pairs, then return parsing of the config file to the next line in the config file? If this is the case, wouldn’t it make it much easier to understand the structure of the config file if "links" to sections that pertained to the command whose section is being parsed were actually present within the command’s section?
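As an added illustration (not code from the question or from OpenSSL itself), the small parser below mimics the flat section model of the openssl.cnf format: every key belongs to the most recent `[ section ]` header, `#` lines are comments with no structural meaning, and a value such as `x509_extensions = usr_cert` is simply a section name looked up by string after the whole file has been read. The sample configuration is constructed here to mirror the default file's layout, and comment stripping is simplified (quoting and `$var` expansion are not implemented).

```python
import re

# Constructed sample mirroring the layout of the default openssl.cnf.
# The ##### lines are comments; they do not open or close anything.
SAMPLE = """
####################################################################
[ ca ]
default_ca = CA_default

[ CA_default ]
x509_extensions = usr_cert   # value is a section *name*, resolved later

####################################################################
[ req ]
distinguished_name = req_distinguished_name

[ req_distinguished_name ]
countryName = Country Name (2 letter code)

[ usr_cert ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
"""

SECTION_RE = re.compile(r"^\[\s*([^\]]+?)\s*\]$")


def parse(text):
    """Return {section: {key: value}}. Keys before any header land in the
    'default' section, as in OpenSSL; sections never nest."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # simplified comment stripping
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip()] = value.strip()
    return sections


def resolve(sections, section, key):
    """Follow a value that names another section (x509_extensions,
    default_ca, distinguished_name, ...), wherever that section sits."""
    target = sections[section][key]
    if target not in sections:
        raise KeyError(f"{section}::{key} names missing section [{target}]")
    return sections[target]
```

Because the lookup is by name over the finished table, the position of `[ usr_cert ]` in the file (before or after `[ req ]`) makes no difference; what matters is that the name exists exactly once.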

Can Windows CMD/DOS Commands Be Used In An OpenSSL Configuration File On Windows 10? [migrated]

I’m using OpenSSL v1.1.1g on a Windows 10 machine (I don’t know Linux – yet). Can Windows CMD/DOS commands be used in the OpenSSL configuration file or is the configuration file limited to the use of OpenSSL commands only? I assume the answer to this question is "No" since OpenSSL uses its own parser to process OpenSSL configuration files, but I’d like to have my assumption confirmed.

Configurations and CNF formula for neighboring configuration

A configuration of a Turing machine $M$ which runs in space $S(n)$ contains the state, the head positions, and the content of non-blank cells of all the tapes. For $M$ and an input $x$, we define its configuration graph $G_{M,x}$ as a directed graph whose nodes correspond to all the possible configurations and there is an edge from a configuration $C$ to $C'$ if $C'$ can be reached from $C$ in one step.

First question: In Arora-Barak (snapshot below), they say that these nodes can be encoded in a binary string of length $O(S(n))$. Such encoding contains the state, all symbols under the head, and non-blank content of work tapes with special marking to denote the location of the head. I think this is not correct since such an encoding doesn’t contain the input head position. If we don’t store the input head position, which requires $O(\log n)$ bits, then two nodes can map to the same encoding, which seems wrong. Am I right? Although storing the input head position will not increase the length of the encoding since we are assuming in the book that $S(n) > \log n$.

Second question: Next, Arora-Barak say that we can construct a CNF formula $\phi_{M,x}$ such that for any two strings $C$ and $C'$, $\phi_{M,x}(C,C') = 1$ iff $C$ and $C'$ encode two neighboring configurations in $G_{M,x}$. I am not able to figure out the proof of this claim with the kind of encoding that I have described above, i.e., an encoding in which we also store the index of the input head. Suppose a configuration $C$ has $q_1, q_2, \dots, q_c$ bits for the state, $h_1, h_2, \dots, h_{O(\log n)}$ bits for the input head position, $w_1, w_2, \dots, w_{S(n)}$ bits for the work tape content and $wh_1, wh_2, \dots, wh_{S(n)}$ bits for the work tape head position, where $wh_i$ is equal to 1 if the head is on the $i$th cell, else it is equal to 0. Then how, with such an encoding, can we construct a CNF formula as described at the beginning of this question?
