GitHub - ScaleSec/vulnado: Purposely vulnerable Java application to help lead secure coding workshops

Join GitHub today

GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.

Purposely vulnerable Java application to help lead secure coding workshops

Permalink

Name	Latest commit message	Commit time
Failed to load latest commit information.
.mvn/wrapper	initial commit	Feb 13, 2019
client	Added XSS exercise	Feb 21, 2019
exercises	Updated main readme instructions and architecture to include client	Feb 21, 2019
internal_site	Updated message in login, added SSRF exercise	Feb 15, 2019
reverse_shell	Updated region and added tf wrapper	May 10, 2019
src	Added supplementary ssrf endpoint	Feb 21, 2019
.gitignore	Updated region and added tf wrapper	May 10, 2019
Dockerfile	Added rce/reverse shell exercise	Feb 15, 2019
LICENSE	Create LICENSE	Jul 18, 2019
README.md	Updated region and added tf wrapper	May 10, 2019
docker-compose.yml	Added XSS exercise	Feb 21, 2019
mvnw	initial commit	Feb 13, 2019
mvnw.cmd	initial commit	Feb 13, 2019
pom.xml	Added XSS exercise	Feb 21, 2019

This application and exercises will take you through some of the OWASP top 10 Vulnerabilities and how to prevent them.

Up and running

Install Docker for MacOS or Windows. You'll need to create a Docker account if you don't already have one.
git clone git://github.com/ScaleSec/vulnado
cd vulnado
docker-compose up
Open a browser and navigate to the client to make sure it's working: http://localhost:1337
Then back in your terminal verify you have connection to your API server: nc -vz localhost 8080

Architecture

The docker network created by docker-compose maps pretty well to a multi-tier architecture where a web server is publicly available and there are other network resources like a database and internal site that are not publicly available.

Join GitHub today

Up and running

Architecture

Exercises