Installing, Configuring, and Building WARD
The Web Application Reliability and Defense (WARD) framework is a two-part security solution that can be used during code development. WARD is composed of SecureUnit for vulnerability detection and SecureFilter for vulnerability protection. SecureUnit enables developers to write automated, reusable, and customizable JUnit tests to launch attacks on their system to reveal security vulnerabilities. SecureFilter is a customizable server-side choke point containing a regular expression-based filter to match legal input according to system requirements.
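The allowlist idea behind SecureFilter, shown as an added example that is not WARD's own code: a choke point that accepts a request only when every parameter is expected and its whole value matches that parameter's pattern. The class name, parameter names, and patterns are constructed for illustration; the map shape mirrors `ServletRequest.getParameterMap()`.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

/** Hypothetical allowlist choke point; not WARD's SecureFilter class. */
public class AllowlistChokePoint {
    // Constructed rules: parameter name -> pattern the WHOLE value must match.
    private final Map<String, Pattern> rules = new LinkedHashMap<>();

    public AllowlistChokePoint allow(String param, String regex) {
        rules.put(param, Pattern.compile(regex));
        return this;
    }

    /** Returns null if the request passes, otherwise the reason it was rejected. */
    public String firstViolation(Map<String, String[]> params) {
        for (Map.Entry<String, String[]> e : params.entrySet()) {
            Pattern p = rules.get(e.getKey());
            if (p == null) {
                return "unexpected parameter: " + e.getKey(); // default deny
            }
            for (String v : e.getValue()) {
                // matches() anchors at both ends; find() would accept a value
                // that merely contains a legal substring.
                if (v == null || !p.matcher(v).matches()) {
                    return "illegal value for: " + e.getKey();
                }
            }
        }
        return null;
    }

    public static void main(String[] args) {
        AllowlistChokePoint filter = new AllowlistChokePoint()
            .allow("mid", "[0-9]{1,10}")          // constructed numeric id rule
            .allow("name", "[A-Za-z -]{1,40}");   // constructed name rule

        Map<String, String[]> ok = new LinkedHashMap<>();
        ok.put("mid", new String[] {"9000000000"});
        ok.put("name", new String[] {"Ada Lovelace"});
        System.out.println(filter.firstViolation(ok));
        Map<String, String[]> bad = new LinkedHashMap<>();
        bad.put("mid", new String[] {"42<script>"});   // legal prefix, illegal whole
        System.out.println(filter.firstViolation(bad));
        Map<String, String[]> extra = new LinkedHashMap<>();
        extra.put("debug", new String[] {"true"});     // parameter with no rule
        System.out.println(filter.firstViolation(extra));
    }
}
```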
These instructions have been tested in the following environment
Instructions assume Operating System, JDK and Eclipse are installed and
0. Before you begin
Be sure (1) you are in the Eclipse workspace that contains your copy of iTrust. We recommend for both speed and compatibility that you place your Eclipse workspace in C:\eclipse\workspace_<unityid> where <unityid> is your unity id. Also be sure that (2) iTrust is compiling and that (3) it is successfully deployed onto your instance of Tomcat. (4) Start Tomcat and (5) start the iTrust application.
During the installation, if you get the following error:
Just click OK and your installation should proceed without further complications.
1. Installing Maven 2.0 integration 0.0.5 into Eclipse
WARD was implemented in the Maven environment to facilitate building and documentation. Maven (http://maven.apache.org/) is a software project management and comprehension tool.
From the Eclipse menu bar,
2. Configuring Maven
Maven now needs to be configured to work in your Java environment:
1. Go to Start -> Run, and type in "C:\Documents and Settings\<unityid>", where <unityid> is your unity id.
2. Create a new folder called "Maven".
3. Back in Eclipse/MyEclipse, go to Window -> Preferences -> Maven2
4. For local repository folder, click Browse . . .
5. Find the folder you created in step 2.2 (in your C drive), select it, then click Apply and OK.
6. Window -> Preferences -> Java -> Build Path -> Classpath Variables.
7. Click New . . . Name: M2_REPO. Next to Path, click Folder and select the folder you created in step 2.2. Click OK to add the variable.
8. Click OK to close the preferences Window.
3. Installing WARD from the SVN repository at SourceForge.net
4. Building WARD
20. Finish (Eclipse will rebuild your Eclipse workspace at this point automatically)
5. Deploying WARD
5.1 Type definitions
Now you will need to add the type definitions to your web.xml file. Follow these steps:
So your web.xml file looks like this:
<?xml version="1.0" encoding="UTF-8"?>
3. Stop Tomcat.
4. Refresh the iTrust project (refresh the WEB-INF folder AND the WEB-INF/lib folder)
5. Start Tomcat.
5.2 Running a SecureUnit test on iTrust
NOTE: For your assignment, you will not have to run the external tools ward-securefilter_clean_install_eclipse or ward-securefilter_install after the initial build unless you want to make changes to the ward-securefilter project. Once you deploy ward-securefilter-1.0-SNAPSHOT.jar to the WEB-INF\lib directory, you are done with SecureFilter. Also, you will not have to rebuild the ward-secureunit project when you create new test cases.
The result of running iTrustHomePageTest.java