Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ScaleSec/vulnado
Purposely vulnerable Java application to help lead secure coding workshops
https://github.com/ScaleSec/vulnado
Last synced: 21 days ago
JSON representation
Purposely vulnerable Java application to help lead secure coding workshops
- Host: GitHub
- URL: https://github.com/ScaleSec/vulnado
- Owner: ScaleSec
- License: other
- Created: 2019-02-14T22:42:29.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2024-06-24T16:50:55.000Z (6 months ago)
- Last Synced: 2024-08-05T17:27:06.041Z (4 months ago)
- Language: Java
- Size: 766 KB
- Stars: 162
- Watchers: 18
- Forks: 641
- Open Issues: 11
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - ScaleSec/vulnado - Purposely vulnerable Java application to help lead secure coding workshops (Java)
README
# Vulnado - Intentionally Vulnerable Java Application
This application and exercises will take you through some of the OWASP top 10 Vulnerabilities and how to prevent them.
## Up and running
1. Install Docker for [MacOS](https://hub.docker.com/editions/community/docker-ce-desktop-mac) or [Windows](https://hub.docker.com/editions/community/docker-ce-desktop-windows). You'll need to create a Docker account if you don't already have one.
2. `git clone git://github.com/ScaleSec/vulnado`
3. `cd vulnado`
4. `docker-compose up`
5. Open a browser and navigate to the client to make sure it's working: [http://localhost:1337](http://localhost:1337)
6. Then back in your terminal verify you have connection to your API server: `nc -vz localhost 8080`## Architecture
The docker network created by `docker-compose` maps pretty well to a multi-tier architecture where a web server is publicly available and there are other network resources like a database and internal site that are not publicly available.
![](exercises/assets/arch.png)
## Exercises
* [SQL Injection](exercises/01-sql-injection.md)
* [XSS - Cross Site Scripting](exercises/02-xss.md)
* [SSRF - Server Side Request Forgery](exercises/03-ssrf.md)
* [RCE - Remote Code Execution & Reverse Shell](exercises/04-rce-reverse-shell.md)