A 3-tier diagnostic application designed for hands-on learning about securing AI systems across identity, network, application, and content safety domains.
SAIF's interactive diagnostic dashboard with security assessment tools
Deploy SAIF to Azure with complete automation - true 1-click deployment:
git clone https://github.com/jonathan-vella/SAIF.git
cd SAIF\scripts
.\Deploy-SAIF-v1.ps1âś… Includes: Infrastructure + Container builds + App configuration + Monitoring setup
After infrastructure deployment, complete setup:
git clone https://github.com/jonathan-vella/SAIF.git
cd SAIF\scripts
.\Update-SAIF-Containers.ps1 -ResourceGroupName "your-rg-name"đź“– Complete Deployment Guide
SAIF is an intentionally insecure application that provides a platform for students to identify security gaps and implement remediation strategies. The application consists of:
- Web Frontend: PHP-based diagnostic interface
- API Backend: Python REST API with various diagnostic endpoints
- Database: SQL Server database for data storage and queries
graph LR
User((User)) --> Web
Web --> API
API --> DB
subgraph "SAIF Application"
Web["Web Frontend<br/>(PHP 8.2)"]
API["API Backend<br/>(Python FastAPI)"]
DB[(Database<br/>SQL Server)]
end
classDef component fill:#0078D4,stroke:#005A9E,color:white,rx:5px,ry:5px;
classDef database fill:#0078D4,stroke:#005A9E,color:white,rx:10px,ry:10px;
classDef user fill:#5C5C5C,stroke:#5C5C5C,color:white;
class Web,API component;
class DB database;
class User user;
The application uses Docker containers for all components:
- Web Frontend: PHP 8.2 container
- API Backend: Python FastAPI container
- Database: SQL Server container (development) / Azure SQL Database (production)
When deployed to Azure, the application can use:
- Web Frontend: Containerized App Service or Azure Container Apps
- API Backend: Containerized App Service or Azure Container Apps
- Database: Azure SQL Database
Run SAIF locally using Docker Compose:
docker-compose up
# Access at http://localhost:8080SAIF features true 1-click deployment with complete automation:
Fully Automated (Recommended):
.\scripts\Deploy-SAIF-v1.ps1Infrastructure + Manual Container Build:
- Use Deploy to Azure button (see above)
- Run
.\scripts\Update-SAIF-Containers.ps1to build and deploy containers
For detailed deployment instructions, see DEPLOY.md.
This application contains multiple security vulnerabilities for students to identify and fix, including:
- Identity and Access Management vulnerabilities
- Network security gaps
- Application security issues
- Data protection weaknesses
- API security concerns
- Content safety risks
| Resource | Purpose | Link |
|---|---|---|
| Student Consolidated Quality Checklist | Single source of truth for per‑challenge quality expectations & pre‑flight review | QUALITY-CHECKLIST |
| Coach Red Flags Guide | Rapid assessment of common weak submission patterns | Coach Red Flags |
| Scoring Sheet Template | Lightweight, repeatable rubric capture & notes | Scoring Sheet |
| Scoring CSV Export Script | Parse markdown scoring sheet to CSV for aggregation | scripts/Export-ScoringSheet.ps1 |
| Multi-Sheet Aggregator | Combine multiple team scoring sheets & totals | scripts/Aggregate-ScoringSheets.ps1 |
| GitHub Action (Aggregation) | Automated artifact build of combined scores | .github/workflows/scoring-aggregation.yml |
| JSON Export Support | Structured data for automation / dashboards | Use -JsonPath or -IncludeJson on scripts |
| Summary Dashboard | Markdown & HTML ranking with stats (percentile=better) | Aggregate-ScoringSheets.ps1 -GenerateSummary |
| Docs Linter Script | Optional pre‑commit validation of challenge docs | scripts/Invoke-DocsLint.ps1 |
Additions for new challenges should include: a "Quality Checklist" link, a "Submission Artifacts" section, and authoritative references. The linter can help enforce this.
- Deployment: Deploy the insecure application
- Discovery: Identify security vulnerabilities
- Remediation: Implement fixes for the discovered issues
- Verification: Confirm that the security improvements are effective
graph TD
title(SAIF Repository Structure)
%% Root structure
Root(SAIF Repository) --> API(/api)
Root --> Web(/web)
Root --> Infra(/infra)
Root --> Scripts(/scripts)
Root --> Docs(/docs)
Root --> GitHub(.github)
Root --> DockerCompose(docker-compose.yml)
Root --> DeployMD(DEPLOY.md)
Root --> ReadmeMD(README.md)
Root --> InitDB(init-db.sql)
%% API structure
API --> AppPy(app.py)
API --> APIDockerfile(Dockerfile)
API --> Requirements(requirements.txt)
API --> EnvExample(.env.example)
API --> APIReadme(README.md)
%% Web structure
Web --> IndexPHP(index.php)
Web --> ProxyPHP(proxy.php)
Web --> APIProxyPHP(api-proxy.php)
Web --> WebDockerfile(Dockerfile)
Web --> Assets(/assets)
Web --> Htaccess(.htaccess)
Web --> ApacheConfig(apache-config.conf)
Web --> WebReadme(README.md)
%% Web Assets structure
Assets --> CSS(/css)
Assets --> IMG(/img)
Assets --> JS(/js)
%% Infra structure
Infra --> MainBicep(main.bicep)
Infra --> AzureDeploy(azuredeploy.json)
Infra --> MainParams(main.parameters.json)
Infra --> AzureParams(azuredeploy.parameters.json)
Infra --> Metadata(metadata.json)
%% Scripts structure
Scripts --> DeployComplete(Deploy-SAIF-v1.ps1)
Scripts --> UpdateContainers(Update-SAIF-Containers.ps1)
Scripts --> TestLocal(Test-SAIFLocal.ps1)
%% Docs structure
Docs --> DeploymentDoc(hackathon/hacker-assets/deployment.md)
Docs --> SecurityDoc(security-challenges.md)
Docs --> InfraImprovements(infrastructure-improvements.md)
%% GitHub structure
GitHub --> CopilotInstructions(copilot-instructions.md)
%% Styling
classDef folder fill:#f9d75e,stroke:#333,color:black;
classDef file fill:#78b2f2,stroke:#333,color:black;
classDef component fill:#91ca76,stroke:#333,color:black;
%% Apply classes
class API,Web,Infra,Scripts,Docs,Assets,CSS,IMG,JS,GitHub folder;
class DockerCompose,Requirements,DeployMD,ReadmeMD,InitDB,APIDockerfile,WebDockerfile,MainBicep,AzureDeploy,MainParams,AzureParams,Metadata,DeployComplete,UpdateContainers,TestLocal,DeploymentDoc,SecurityDoc,InfraImprovements,CopilotInstructions,AppPy,IndexPHP,ProxyPHP,APIProxyPHP,Htaccess,ApacheConfig,EnvExample,APIReadme,WebReadme file;
/api: Python FastAPI backend with containerizationapp.py: Main FastAPI application with security challenge endpointsDockerfile: Container configuration for API servicerequirements.txt: Python dependencies.env.example: Environment variable templateREADME.md: API component documentation
/web: PHP web frontend with containerizationindex.php: Main web interface for interacting with APIproxy.php&api-proxy.php: API communication handlersDockerfile: Container configuration for web service.htaccess&apache-config.conf: Apache server configuration/assets: Static resources (CSS, JavaScript, images)README.md: Web component documentation
/infra: Complete Azure infrastructure as codemain.bicep: Main Bicep template with full automationazuredeploy.json: ARM template for Deploy to Azure buttonmain.parameters.json&azuredeploy.parameters.json: Parameter files for different environmentsmetadata.json: Azure QuickStart template metadata
/scripts: Fully automated PowerShell deployment scriptsDeploy-SAIF-v1.ps1: End-to-end automated deploymentUpdate-SAIF-Containers.ps1: Container build and deployment updatesTest-SAIFLocal.ps1: Local development testing script
/docs: Comprehensive documentation and guideshackathon/hacker-assets/deployment.md: Detailed deployment instructionssecurity-challenges.md: Security vulnerability documentationinfrastructure-improvements.md: Infrastructure enhancement details
/.github: GitHub configuration and templatescopilot-instructions.md: GitHub Copilot coding guidelines
docker-compose.yml: Local development environmentDEPLOY.md: Complete deployment guide with automation detailsinit-db.sql: Database initialization script
- Azure subscription
- Azure CLI
- PowerShell 7.0+
- Docker and Docker Compose (for local development)
- Visual Studio Code (recommended)
MIT
To automatically run the docs linter before each commit:
git config core.hooksPath .githooksDisable again by resetting:
git config --unset core.hooksPath