Creating a Sandbox Account on Uleska
There are many people who want to check out how the Uleska Platform can automate their security tools and manage their vulnerabilities, without hooking it up (at first) to their company code repos and projects. That's absolutely fine, and here we can suggest some good ways to try Uleska out for yourself.
Taking Uleska for a test drive
Step 1: Create an Account
Creating a sandbox account is exactly the same as creating a normal account with Uleska. You can set up an account using your SSO account on GitHub, GitLab, Bitbucket (Atlassian) or Google, or you can click on the 'Create an Account' link to use your e-mail address to sign up.
Go to https://cloud.uleska.com/ to create an account.

If you create a new account with your existing GitHub account, Uleska will ask you if you want to add existing repos. You can skip this if you wish and use the open source repos we suggest later.
You will then be presented with a 'Welcome to Uleska' screen where you'll be asked to set up the name of your Company. Enter any name you'll recognize here.
Step 2: Add Some Open Source Things to Test
Let's do some testing. Depending on the type of testing you want to try out, there are three main ways to test with a sandbox:
- Static code security testing (through code repos)
- Dynamic project security testing (through URLs)
- Container security testing
Static Code Testing
There are a lot of deliberately vulnerable source code repos out there that are open source and free for anyone to try. Here we list a few repos that are good to try out, and suggested testing tools to use:
- Damn Small Vulnerable Web
- Vulnerable Django Application
- Vulnerable Web Application Security Lab
- Vulnerable API
To set up testing with these repos and tools:
- In the "Applications" menu from the left menu bar, click "Add new application"
- Enter an Application Name and quick description, leave the rest of the values as default for now.
- Click "Save".
- On the application you've just added, add a version.

- Enter a "Version Name" and enter the Code Repo you want to use (from above) as the "Source Code Origin" (note these are all public, so you don't need to set up any authentication this time round).
- Click "Save and Continue" and go to the "Test Tools" tab.

- Click on the Suggested Tools (again from above) and click "Save"

- Now your sandbox application and version are ready for testing. Click the "Test Now" button to kick off the toolkit and track the progress.

- When the testing has completed, click on the "Results" button to see the issues.

Dynamic Project Security Testing
There are not as many deliberately vulnerable dynamic projects out there (someone has to run them), but the Google Firing Range is very popular, and OWASP ZAP is a free dynamic testing tool you can set up for your sandbox.
To set up testing with Google Firing Range and OWASP ZAP:
- In the "Applications" menu from the left menu bar, click "Add new application"
- Enter an Application Name and quick description, leave the rest of the values as default for now.
- Click "Save".
- On the application you've just added, add a version.

- Enter a "Version Name" and enter the target URL you want to use (from above) as the "Url" (note this is public, so you don't need to set up any authentication this time round).
- Click "Save and Continue" and go to the "Test Tools" tab.

- Click on the Suggested Tools (again from above) and click "Save"

- Now your sandbox application and version are ready for testing. Click the "Test Now" button to kick off the toolkit and track the progress.

- When the testing has completed, click on the "Results" button to see the issues.

Container Security Testing
Fortunately (or very unfortunately) there are plenty of open source container images out there that are vulnerable. There are some projects that are deliberately vulnerable for you to try out. See our steps to add container images and suggested testing tools to use:
- Damn Vulnerable Web Application Docker Container
  - Docker image: vulnerables/web-dvwa:latest
  - Suggested Tool:
- Older Version of Alpine
  - Docker image: alpine:2.6
  - Suggested Tool:
To set up testing with containers:
- In the "Applications" menu from the left menu bar, click "Add new application"
- Enter an Application Name and quick description, leave the rest of the values as default for now.
- Click "Save".
- On the application you've just added, add a version.

- Enter a "Version Name" and click "Save and Continue"
- Click on the "Container" tab and enter the container image and tag you want to use (from above). Since these containers are available on the public Docker, you won't need to enter a Connection.
- Click "Test and Preview Manifest" to verify the components of the container configuration.
- If the configuration is valid, you will see a green success dialog and the manifest preview will populate with the components of the container.

- Click "Save" to confirm the Container configuration.
- Go to the "Test Tools" tab.

- Click on the Suggested Tools (again from above) and click "Save"

- Now your sandbox application and version are ready for testing. Click the "Test Now" button to kick off the toolkit and track the progress.

- When the testing has completed, click on the "Results" button to see the issues.

Now We've Tested, Let's Play
Well done! You've run some testing toolkits in your sandbox account. Now you can play with some of the vulnerability management and reporting available, and hook this testing up to a CI/CD pipeline.
Why not try some of the following: