https://github.com/contrast-security-oss/demo-nodegoat
- Host: GitHub
- URL: https://github.com/contrast-security-oss/demo-nodegoat
- Owner: Contrast-Security-OSS
- License: apache-2.0
- Created: 2020-08-27T16:40:05.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2023-10-20T14:13:50.000Z (over 2 years ago)
- Last Synced: 2025-03-16T03:45:00.228Z (over 1 year ago)
- Language: HTML
- Size: 957 KB
- Stars: 1
- Watchers: 9
- Forks: 6
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
README
# NodeGoat: A deliberately insecure Node.js web application
This sample application is based on https://github.com/OWASP/NodeGoat.git.
**Warning**: The computer running this application will be vulnerable to attacks. Please take appropriate precautions.
# Running standalone
You can run NodeGoat locally on any machine with Node.js LTS installed.
1. Place a `contrast_security.yaml` file into the application's root folder.
1. Run `npm install @contrast/agent` for Assess or `npm install @contrast/protect-agent` for Protect.
1. Set up MongoDB:
   * If using a local MongoDB instance, start [mongod](http://docs.mongodb.org/manual/reference/program/mongod/#bin.mongod).
   * Update the `db` property in `config/env/development.js` to reflect your DB setup (in the format `mongodb://localhost:27017/`).
1. Populate MongoDB with the seed data required for the app:
   * Run `npm run db:seed` to populate the DB with the seed data required for the application. Pass the desired environment as an argument. If none is passed, "development" is the default.
1. Start the server using `npm start`. The Contrast agent will already be enabled.
1. Browse the application at http://localhost:4000/NodeGoat/
# Running in Docker
You can run NodeGoat within a Docker container.
1. Place a `contrast_security.yaml` file into the application's root folder.
1. Build the NodeGoat container image using `docker-compose build`. The Contrast v4 (Assess) agent is added automatically during the Docker build process.
1. Run the container using `docker-compose up`. This starts a local MongoDB container and the web server together.
1. Browse the application at http://localhost:4000/NodeGoat/
# Running in Azure (Azure App Service)
## Pre-Requisites
1. Place a `contrast_security.yaml` file into the application's root folder.
1. Install Terraform from here: https://www.terraform.io/downloads.html.
1. Install PyYAML using `pip install PyYAML`.
1. Install the Azure CLI tools using `brew update && brew install azure-cli`.
1. Log into Azure to make sure you cache your credentials using `az login`.
1. Edit the [variables.tf](variables.tf) file (or add a terraform.tfvars) to add your initials, preferred Azure location, app name, server name and environment.
1. Run `terraform init` to download the required plugins.
1. Run `terraform plan` and check the output for errors.
1. Run `terraform apply` to build the infrastructure that you need in Azure. This will output the web address for the application.
1. Run `terraform destroy` when you would like to stop the app service and release the resources.
## Updating the Docker Image
You can rebuild the Docker image by running two scripts in order:
* `image.sh`
* `deploy.sh`
## License
Code licensed under the [Apache License v2.0](http://www.apache.org/licenses/LICENSE-2.0).