matt- / vulnerableapp Goto Github PK

This project forked from sasanlabs/vulnerableapp

OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.

Home Page: https://sasanlabs.github.io/VulnerableApp/

License: Apache License 2.0

Java 87.20% HTML 3.25% JavaScript 6.26% CSS 3.29%

Introduction

VulnerableApp

As web applications become more popular, there is a dire need to secure them. Several vulnerability scanning tools exist, but while developing these tools, developers need to test them, and they also need to know how well a vulnerability scanning tool performs. As of now, there are few or no vulnerable applications built for testing such tools. Deliberately vulnerable applications exist in the market, but they were not written with this intent and hence lack extensibility; for example, adding new vulnerabilities to them is quite difficult. Hence, developers resort to writing their own vulnerable applications, which usually causes productivity loss and the pain of rework.

VulnerableApp is built with these factors in mind. The project is scalable, extensible, easy to integrate and easy to learn. Since solving the above issue requires adding various vulnerabilities, it also becomes a very good platform for learning about security vulnerabilities.

Owasp Vulnerable Graphic Representation

Future Goal

Going further, this application might become a database of vulnerabilities. Hence, in future, it can be used for hosting CTFs and can also become a compliance/benchmark suite for vulnerability scanning tools.

Project Setup

Setup Guide

Technologies used

  • Java8
  • Spring Boot
  • Vanilla Javascript

Note: we are not limited to these technologies and, if required, are open to expanding to others.

Currently handled Vulnerability types

  1. JWT Vulnerability
  2. Command Injection
  3. File Upload Vulnerability
  4. Path Traversal Vulnerability
  5. SQL Injection
    1. Error Based SQLi
    2. Union Based SQLi
    3. Blind SQLi
  6. XSS
    1. Persistent XSS
    2. Reflected XSS
  7. XXE

Contributing to Project

Contributing to open source is always good from a learning perspective, as open source is a community that collaborates and grows together.

We really appreciate contributions to this project. As this project is in its initial phase, we have not set any guidelines. So, feel free to send a mail to [email protected] or raise an issue, and we will try our best to onboard you to this project. If you are already onboarded, we actively welcome your pull requests. Visit the Design Documentation for internal implementation details.

You can also raise an issue if you want to learn about a kind of vulnerability that is not yet present in VulnerableApp. We will try to add that vulnerability ASAP!

Documentation in other languages

  1. Russian
  2. Chinese
  3. Hindi
  4. Punjabi

Contact

Please raise an issue or send an email to [email protected] for any queries. We will try to resolve them ASAP.

Other details

  1. Documentation
  2. Owasp VulnerableApp
  3. Overview Video

Blogs

  1. Overview of Owasp-VulnerableApp - Medium article
  2. Overview of Owasp-VulnerableApp - Blogspot post
