Skip to main content
Choose the sandbox option that best fits your needs. The Secure Architecture Sandbox Testing Environment is recommended for comprehensive security testing with automated reporting.

Prerequisites

Before setting up any sandbox environment, ensure you have:
  • A secure, updated browser (Chromium or Microsoft Edge)
  • Basic understanding of command-line interfaces
  • Git installed (for most options)
  • Sufficient system resources for your chosen sandbox method

Secure Architecture Sandbox

Recommended Solution

The Secure Architecture Sandbox Testing Environment has been specifically designed for sandbox testing of the Unsecure PWA.

Key Features

Multi-Layer Isolation

Authentic containerized architecture with multiple isolation layers for maximum security.

Automated Reporting

Generates SAST, DAST, network, and penetration testing reports automatically.

Pre-Installed Apps

Sample vulnerable applications pre-installed for immediate testing.

Custom App Upload

Upload and test your own Flask applications within the secure environment.

Educational Pen Testing

Ethically designed penetration testing tools specifically for education context.

Network Analysis

Built-in network monitoring and analysis capabilities.

Setup Instructions

1

Clone the Repository

git clone https://github.com/TempeHS/Secure_Architecture_Sandbox_Testing_Environment.git
cd Secure_Architecture_Sandbox_Testing_Environment
2

Follow Installation Guide

Refer to the repository’s README for detailed installation and configuration instructions specific to your operating system.
3

Deploy Normo Unsecure PWA

Upload or clone the Normo Unsecure PWA within the sandbox environment according to the sandbox documentation.
4

Access Testing Tools

Use the integrated SAST, DAST, and penetration testing tools provided by the environment.
5

Generate Reports

Run automated scans and generate comprehensive security reports for analysis.
Always ensure the Secure Architecture Sandbox is properly isolated from your production network before deploying vulnerable applications.

GitHub Codespaces

GitHub Codespaces provides a cloud-based development environment with built-in isolation, perfect for quick setup without local installation.

Setup Instructions

1

Navigate to Repository

Go to the Normo Unsecure PWA repository on GitHub.
2

Create Codespace

Click the green Code button, select the Codespaces tab, and click Create codespace on main.
3

Wait for Environment Setup

GitHub will automatically provision a containerized development environment with VSCode in your browser.
4

Install Dependencies

pip install flask
# Install any additional dependencies from .student_resources
5

Run the Application

python main.py
GitHub Codespaces will automatically forward port 5000 and provide a secure URL.
6

Access the Application

Click the forwarded port URL in the terminal or Ports panel to open the application.
Benefits: No local setup required, automatic environment teardown, built-in VSCode integration, and free tier available for students.
  • Port Forwarding: Codespaces automatically handles port forwarding with HTTPS encryption
  • Resource Limits: Free tier includes 60 hours/month of usage
  • Persistence: Your codespace persists between sessions but can be deleted when not in use
  • Isolation: Each codespace runs in its own container, isolated from your local machine
  • Testing URLs: When testing, use the forwarded URL provided by Codespaces instead of localhost

CodeSandbox

CodeSandbox.io offers a browser-based development environment suitable for quick testing without any local installation.

Setup Instructions

1

Create Account

Sign up at CodeSandbox.io using your GitHub account.
2

Import Repository

Use the “Import from GitHub” feature and enter the Normo Unsecure PWA repository URL.
3

Configure Environment

CodeSandbox will detect the Python Flask application and set up the environment automatically.
4

Install Dependencies

Run the terminal command to install Flask:
pip install flask
5

Start the Server

python main.py
CodeSandbox provides an instant preview URL.
CodeSandbox is suitable for basic testing but may have limitations for advanced penetration testing tools. Consider using a more robust sandbox for comprehensive security assessments.

Docker Containers

Docker provides lightweight containerization for consistent, isolated environments across different host systems.

Prerequisites

  • Docker Desktop installed on your system
  • Basic familiarity with Docker commands

Setup Instructions

1

Create Dockerfile

Create a Dockerfile in the Normo Unsecure PWA directory:
FROM python:3.9-slim

WORKDIR /app

COPY . /app

RUN pip install flask

EXPOSE 5000

CMD ["python", "main.py"]
2

Build Docker Image

docker build -t normo-unsecure-pwa .
3

Run Container

docker run -p 5000:5000 normo-unsecure-pwa
4

Access Application

Open your browser and navigate to:
Network Isolation:
# Create isolated network
docker network create --internal normo-network

# Run container on isolated network
docker run --network normo-network -p 5000:5000 normo-unsecure-pwa
Volume Mounting (for development):
docker run -p 5000:5000 -v $(pwd):/app normo-unsecure-pwa
Stop and Remove Container:
docker ps  # Find container ID
docker stop <container_id>
docker rm <container_id>
Benefits: Lightweight, portable, consistent environments, easy cleanup, and native isolation from host system.

Virtual Machines

Virtual machines provide complete OS virtualization with full isolation from your host system, ideal for comprehensive security testing.

VirtualBox

Free, open-source virtualization for Windows, macOS, and Linux.

VMware Workstation

Professional-grade virtualization with advanced features.

Hyper-V

Built-in virtualization for Windows Pro and Enterprise.

Setup Instructions

1

Install VM Software

Download and install your preferred VM software (e.g., VirtualBox).
2

Download Ubuntu ISO

Download the latest Ubuntu Desktop ISO from ubuntu.com.
3

Create New VM

  • Allocate at least 2GB RAM and 20GB disk space
  • Set network adapter to NAT or Host-only for isolation
  • Mount the Ubuntu ISO
4

Install Ubuntu

Boot the VM and follow the Ubuntu installation wizard.
5

Install Dependencies

sudo apt update
sudo apt install python3 python3-pip git
6

Clone and Run Application

git clone https://github.com/NBHS-Software-Engineering/Normo_Unsecure_PWA.git
cd Normo_Unsecure_PWA
pip3 install flask
python3 main.py
7

Access from Host

If using NAT with port forwarding:
  • Configure port forwarding: Host port 5000 → Guest port 5000
  • Access via http://localhost:5000 on your host machine
If using Host-only network:
  • Access via VM’s IP address (check with ip addr)
Network Configuration: Use NAT or Host-only networking to ensure the VM cannot access your local network. Never use Bridged mode with vulnerable applications.
Take snapshots before testing to easily restore a clean state:
  1. Create baseline snapshot after initial setup
  2. Take snapshot before each major test
  3. Restore snapshot if system becomes compromised
  4. Delete old snapshots to save disk space
This allows you to quickly recover from any security incidents during testing.

Specialized Options

Ubuntu on USB

Run Ubuntu directly from a USB drive for complete hardware isolation from your main system.
1

Create Bootable USB

Use Rufus (Windows) or Etcher (macOS/Linux) to create a bootable Ubuntu USB with persistence.
2

Boot from USB

Restart your computer and select the USB drive from the boot menu (usually F12, F2, or DEL during startup).
3

Run in Try Mode or Install

Choose “Try Ubuntu” for temporary use or install to the USB for persistent storage.
4

Follow Ubuntu VM Instructions

Follow steps 5-6 from the Virtual Machine setup to deploy the application.
Benefits: Complete hardware isolation, no VM overhead, portable between machines, and leaves no trace on host system when powered off.

Qubes OS

Qubes OS is a security-focused operating system that uses virtualization to create isolated compartments (qubes) for different tasks.
1

Install Qubes OS

Download and install Qubes OS in a virtual machine or on dedicated hardware. Review system requirements.
2

Create Testing Qube

Create a new AppVM (Qube) specifically for security testing:
qvm-create --label red testing-qube --template debian-11
3

Install Dependencies in Qube

sudo apt update
sudo apt install python3 python3-pip git
4

Deploy Application

Clone and run the Normo Unsecure PWA within the isolated testing qube.
Qubes OS has a steep learning curve and specific hardware requirements. It’s recommended for advanced users who need maximum security isolation.

Verifying Your Setup

After setting up your sandbox, verify it’s working correctly:
1

Check Application Access

Navigate to the appropriate URL:
2

Verify Network Isolation

Ensure the sandbox cannot access your local network or external resources unless intended.
3

Test Basic Functionality

Try registering a user and logging in to confirm the application is running correctly.
4

Prepare Testing Tools

Install and configure any security testing tools you plan to use (SAST, DAST, penetration testing).

URL Considerations for Testing

Many resources in .student_resources assume the app is running locally at http://127.0.0.1:5000.If you’re testing remotely (e.g., teacher-hosted app for black-box testing):
  • Update HTML/JS examples to use the remote URL
  • Adjust CORS settings if testing cross-origin requests
  • Ensure proper network access between tester and hosted app
Example URL patterns:
  • Local: http://127.0.0.1:5000
  • LAN: http://10.185.x.x:5000 (where x.x is the LAN IP)
  • Codespaces: https://{random-name}.app.github.dev
  • VM with NAT: http://localhost:5000 (with port forwarding)

Next Steps

Best Practices

Learn essential safety guidelines and testing methodologies for your sandbox environment.

Security Testing

Begin your security assessment with SAST, DAST, and penetration testing approaches.

Build docs developers (and LLMs) love

Get started for freeTalk to us