
A deliberately insecure web application to train in XSS and Injection vulnerabilities.


CS3103-AY2021S1-G12/very_insecure_app


A Dummy's Guide to Cybersecurity Excellence

Group Members (CS3103 Group 12)

  • Huang Weijie
  • Keloysius Mak
  • Lim Haw Jia
  • Shawn Chew

Overview

This is a deliberately vulnerable web application, created with the intention of teaching cybersecurity beginners the basics of XSS and Injection Attacks.

The live-hosted application can be found here

DISCLAIMER: Duck DNS may not be accessible from within the NUS network.

Quickstart

  • If using Docker (recommended):

    1. Run docker-compose up --build

    2. Access the website at localhost:80

  • Without Docker:

    1. Run a PostgreSQL database locally.

    2. Apply the SQL in db/schema.sql to the Postgres database. The application will connect to the default postgres database.

    3. Run npm i to install dependencies if it is the first time running the project.

    4. Run npm run build.

    5. Run the following command to start the server.

          PGUSER=readonly_user \
          PGHOST=localhost \
          PGPASSWORD=very_insecure_password \
          PGDATABASE=postgres \
          PGPORT=<YOUR_POSTGRES_PORT> npm run start

    6. Access the website at localhost:3000
