{"id":18798160,"url":"https://github.com/sasanlabs/vulnerableapp-jsp","last_synced_at":"2025-04-13T17:12:48.843Z","repository":{"id":55114524,"uuid":"321738243","full_name":"SasanLabs/VulnerableApp-jsp","owner":"SasanLabs","description":"Vulnerable Application specifically containing vulnerabilities related to jsp.","archived":false,"fork":false,"pushed_at":"2023-02-04T22:54:50.000Z","size":5150,"stargazers_count":8,"open_issues_count":4,"forks_count":11,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-27T08:03:45.952Z","etag":null,"topics":["appsec","burpsuite","docker","hacktoberfest","jsp","owasp","sasanlabs","vulnerableapp","vulnerableapp-facade","vulnerableapp-facade-schema"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SasanLabs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-12-15T17:20:16.000Z","updated_at":"2024-08-04T06:26:19.000Z","dependencies_parsed_at":"2023-02-18T20:01:04.557Z","dependency_job_id":null,"html_url":"https://github.com/SasanLabs/VulnerableApp-jsp","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SasanLabs%2FVulnerableApp-jsp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SasanLabs%2FVulnerableApp-jsp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SasanLabs%2FVulnerableApp-jsp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SasanLabs%2FVulnerableApp-jsp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SasanLabs","download_url":"https://codeload.github.com/SasanLabs/VulnerableApp-jsp/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248750126,"owners_count":21155687,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["appsec","burpsuite","docker","hacktoberfest","jsp","owasp","sasanlabs","vulnerableapp","vulnerableapp-facade","vulnerableapp-facade-schema"],"created_at":"2024-11-07T22:11:06.322Z","updated_at":"2025-04-13T17:12:48.820Z","avatar_url":"https://github.com/SasanLabs.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ![VulnerableApp-jsp](https://raw.githubusercontent.com/SasanLabs/VulnerableApp/master/docs/logos/Coloured/iconColoured.png) VulnerableApp-jsp\n[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com) [![](https://img.shields.io/twitter/follow/sasan_karan?style=flat\u0026logo=twitter)](https://twitter.com/intent/follow?screen_name=sasan_karan)\n\nVulnerableApp-jsp is a Vulnerable Application containing vulnerabilities specific to JSP technology stack. It is part of the farm of Vulnerable Applications provided by [SasanLabs](https://github.com/SasanLabs). This Vulnerable Application utilises the facilities provided by [Owasp VulnerableApp-Facade](https://github.com/SasanLabs/VulnerableApp-facade) and it is just exposing bunch of Api's which are vulnerable to various attacks.\nUser Interface for VulnerableApp-jsp is provided by [Owasp VulnerableApp-Facade](https://github.com/SasanLabs/VulnerableApp-facade).\n\n## How to run the project\nAs VulnerableApp-jsp doesn't provide user interface and relies on [Owasp VulnerableApp-facade](https://github.com/SasanLabs/VulnerableApp-facade) hence you need to start it using instructions: [VulnerableApp-Facade simple start](https://github.com/SasanLabs/VulnerableApp-facade#simple-start)\n\n## How to contribute to the project\nThere are 2 ways to build and run this project:\n1. For building the project from source code:\n```\n1. Install [Apache Tomcat Server](https://tomcat.apache.org/download-90.cgi)\n2. Execute following command for project root: `./gradlew war` \n3. Navigate to `build/libs/`\n4. Move the *.war file to `tomcat/webapps/` directory\n5. Start Apache Tomcat Server\n```\n2. For building the docker image and then using [VulnerableApp-Facade](https://github.com/SasanLabs/VulnerableApp-facade#simple-start) to test the working of the application.\n```\n1. Build the docker image with command: docker buildx build --platform linux/amd64,linux/arm64,linux/ppc64le -t  sasanlabs/owasp-vulnerableapp-jsp:latest . --push\n2. Navigate to VulnerableApp-Facade and run it as described in VulnerableApp-Facade#simple-start\n```\n### Api structure for testing:\nGeneral URL pattern we follow for api's is:\n`http://\u003cbaseurl\u003e:\u003cport\u003e/VulnerableApp-jsp/\u003cVulnerability type\u003e/\u003cVulnerability level\u003e`\n#### Example URL:\n`http://\u003cbaseurl\u003e:\u003cport\u003e/VulnerableApp-jsp/FileUpload/LEVEL_1`\n  \n## Contact\nPlease raise a github issue for enhancement/issues in VulnerableApp-jsp or send email to karan.sasan@owasp.org regarding queries\nwe will try to resolve issues asap.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsasanlabs%2Fvulnerableapp-jsp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsasanlabs%2Fvulnerableapp-jsp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsasanlabs%2Fvulnerableapp-jsp/lists"}