Leaky Ledger is a fake bank application that is meant to be hacked for educational purposes.

You can visit this guide to reveal the vulnerabilities present in version 1.0 of the Leaky Ledger app.

• Command palette (⇧⌘P) > Dev Containers: Reopen in Container
• F5 for debug
  • May need to select interpreter (e.g., /opt/venv/bin/python) first

• Copy .env.example to .env and change default values
• Open localhost after starting via Docker or locally

• Install Docker (Compose) of course!

# build docker image and start containers
docker-compose up -d --build

# exec into container
docker exec -it leaky-ledger bash

# stop containers
docker-compose stop

# tear down containers, volumes, networks
docker-compose down

• At minimum, still need a PostgreSQL server running
  • Easiest to spin one up with existing creds + Docker

docker run \
    --name=mypostgres -d \
    -it \
    --rm \
    --env-file=.env \
    -p 5432:5432 \
    postgres

• Local bits

# create virtual environment
python -m venv .venv

# activate virtual environment
source .venv/bin/activate

# install dependencies
python -m pip install -r requirements.txt

# start web server
./startup.sh

• NOTE
  • Won't serve images without reverse proxy
  • And/or hacking Django settings.py
  • Appears to hydrate after a first run from Docker
    • Could be a local issue 🤔

• Issues
• Add more documentation
  • asdf
  • poetry
• Test devcontainer
• CI/CD
  • Terraform ❤️

• Docker Compose with NginX, Django, Gunicorn and multiple Postgres databases_docker_weixin_0010034-云原生
• How to Use the Postgres Docker Official Image | Docker
• Configuring HTTPS servers
• Dockerizing Django with Postgres, Gunicorn, and Nginx | TestDriven.io
• Deploying a Django application in Docker with Nginx | by Charlie Bishop | Medium
• Deploying a Django application in Docker with Nginx
• bitnami/containers: Bitnami container images
• Generates self-signed certs for local development