Comments (9)
Hi, update your Node version to v0.12.x and it should work. I'm using v0.12.2.
@binarymist The errors on npm install appear to be just warnings.
When you ran grunt db-reset:development, did you have a local DB mongod running or have a remote DB path set in config/env/development.js? It is required for db-reset to run properly.
I have updated README.md with "Create and populate Mongo DB" section to make it more clear.
I don't think your node and npm need to be upgraded, but let us know how it goes.
ping @binarymist? :)
There was a lot of setup work for this to work. I may come back to this, but it's a shame it doesn't work out of the box.
Cheers.
@binarymist We can possibly create a VM that comes with everything packaged together. Besides that, based on your experience with other OWASP or external projects of a similar kind, can you share ideas on how we could minimize the setup part?
With respect to nodegoat, I am sure a user would already have or won't mind installing node and the required npm packages. Unfortunately, these types of apps need some backend database to demonstrate injection attacks, and I see installing mongo db could be a pain point. To make it easier, the project supports using a remote db, just by adding its url in the config file. One can create a remote mongo db in a few minutes on a service such as mongolab to eliminate local installation.
I am sure there is always room for improvement, and any suggestions or PRs are welcome.
Cheers.
Yeah, I think the uptake may be slow without a turn-key solution (a bit like owaspbwa). Most people just can't be bothered. I've spent the last couple of weeks in security research and using a bunch of pen test tools, many of which require some setup and many of which don't even work. This is really frustrating, but sadly quite common. From experience, Node projects seem to be even worse.
In saying that, we really do need a Node vulnerable web app and it's something I'd really like to help with code wise, as I'm fairly intimate with JavaScript and NodeJS. I was hoping to take this to the workshop I just ran at CampJS in Melbourne, but couldn't afford spending the time on this with an unknown outcome. Instead I created the Holistic InfoSec for Web Developers workshop. Time is a problem for me currently though, as I'm working on my next talk and demo at WDCNZ along with a ton of other stuff. I'll see how much time I get after WDCNZ. I'm thinking of submitting a few more talks this year, but if you think you could use a hand with this, maybe I could help out instead. Thoughts?
We use Docker and provide Vagrant (if that's your preferred method of managing docker instances) over at the Railsgoat project. Seems to work well and addresses the issue of providing a VM.
@binarymist Yes, I agree that painful setup can be a major barrier for project uptake. Based on your feedback, I have added a One-Click heroku deploy option, which requires zero setup. Please go over updated README and let me know your thoughts.
The workshops you are doing are impressive, and valuable as they are targeted mainly at developers. Keep it up. Along the way, if you feel NodeGoat could be leveraged (with any further improvements), feel free to let us know, or contribute if time permits.
@cktricky, thanks for sharing info on the usage of Docker for RailsGoat. I will check that out. We already have an issue #53 added by @DinisCruz, proposing an implementation on similar lines. A discussion is also ongoing on the project slack channel. The RailsGoat implementation is useful for reference in this regard, and I will get in touch with you if any more details are needed. Thanks!
Closing the issue now. Please use slack or gitter chat for any comments / feedback.