Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ScaleSec/vulnado

Purposely vulnerable Java application to help lead secure coding workshops
https://github.com/ScaleSec/vulnado

Last synced: 3 months ago
JSON representation

Purposely vulnerable Java application to help lead secure coding workshops

Awesome Lists containing this project

README 

        
# Vulnado - Intentionally Vulnerable Java Application



This application and exercises will take you through some of the OWASP top 10 Vulnerabilities and how to prevent them.



## Up and running



1. Install Docker for [MacOS](https://hub.docker.com/editions/community/docker-ce-desktop-mac) or [Windows](https://hub.docker.com/editions/community/docker-ce-desktop-windows). You'll need to create a Docker account if you don't already have one.

2. `git clone git://github.com/ScaleSec/vulnado`

3. `cd vulnado`

4. `docker-compose up`

5. Open a browser and navigate to the client to make sure it's working: [http://localhost:1337](http://localhost:1337)

6. Then back in your terminal verify you have connection to your API server: `nc -vz localhost 8080`



## Architecture



The docker network created by `docker-compose` maps pretty well to a multi-tier architecture where a web server is publicly available and there are other network resources like a database and internal site that are not publicly available.



![](exercises/assets/arch.png)



## Exercises



* [SQL Injection](exercises/01-sql-injection.md)

* [XSS - Cross Site Scripting](exercises/02-xss.md)

* [SSRF - Server Side Request Forgery](exercises/03-ssrf.md)

* [RCE - Remote Code Execution & Reverse Shell](exercises/04-rce-reverse-shell.md)