
Vulnerable Java Web Application

This repository provides a simple, self-contained Java web application with security flaws typical of mid-2000s legacy projects that were never updated.

The application uses Spring Boot and an embedded H2 database that is re-created every time it starts. If you break something, just restart the application and all data will be back to its initial state.

The application listens on HTTPS port 9000. If that port is not available on your machine, change the port in the application.properties file in the source folder (if you are using Docker, you only need to map the container's port 9000 to a different port on the host).

Running the application manually

If you have a Java 8 + Maven 3.x development environment, just import the project into your IDE and run the class com.github.rafaelrpinto.vulnerablejavawebapp.config.AppLauncher.

Running with docker

If your workstation is not set up for Java 8 development, the easiest way to run the application is with Docker.

# gets the code
git clone https://github.com/rafaelrpinto/VulnerableJavaWebApplication
cd VulnerableJavaWebApplication

# creates the docker image
docker build -t vulnerable-java-application:0.1 .

# creates/starts the container
docker run --name vulnerable-java-application -p 9000:9000 -d vulnerable-java-application:0.1
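The steps above run the container on the fixed host port 9000. The following helper script is an added example, not part of the VulnerableJavaWebApplication repository: it checks whether the chosen host port is free, builds and starts the container with a host port of your choosing (the port-mapping case mentioned above), and polls the HTTPS listener until it answers so you know the target is ready before pointing a scanner at it. The image and container names are the ones from the commands above; the `start`/`stop` subcommands, the use of `curl`, `ss`/`netstat`, and the assumption that the embedded HTTPS listener uses a self-signed certificate (hence `-k` against localhost only) are this script's own.

```shell
#!/bin/sh
# Added helper script (not part of the VulnerableJavaWebApplication repository).
# Builds the image, starts the container on a host port of your choosing and
# waits until the HTTPS listener answers. Image and container names follow the
# README; the host port, the subcommands and the self-signed-cert assumption
# are this script's own.
set -eu

IMAGE="vulnerable-java-application:0.1"
CONTAINER="vulnerable-java-application"
APP_PORT=9000   # port the application listens on inside the container

# Port-mapping argument for docker run: host port -> container port 9000.
docker_port_arg() {
    printf '%s' "-p ${1}:${APP_PORT}"
}

# URL a scanner (or a browser) should be pointed at for a given host port.
target_url() {
    printf 'https://localhost:%s/' "$1"
}

# Return 0 if something is already listening on the given local TCP port.
port_in_use() {
    port="$1"
    if command -v ss >/dev/null 2>&1; then
        ss -ltn 2>/dev/null | awk '{print $4}' | grep -q ":${port}\$"
    else
        netstat -ltn 2>/dev/null | awk '{print $4}' | grep -q ":${port}\$"
    fi
}

# Poll the HTTPS endpoint until it returns any HTTP status. The lab app is
# assumed to ship a self-signed certificate, so verification is disabled (-k);
# acceptable for a throwaway target on localhost and nowhere else.
wait_for_app() {
    url="$1"; tries="${2:-30}"
    i=0
    while [ "$i" -lt "$tries" ]; do
        code=$(curl -k -s -o /dev/null -w '%{http_code}' --max-time 5 "$url" || true)
        case "$code" in
            2??|3??|4??) echo "application is up (HTTP $code) at $url"; return 0 ;;
        esac
        i=$((i + 1)); sleep 2
    done
    echo "application did not answer at $url after $tries attempts" >&2
    return 1
}

# Build, (re)create the container on the requested host port and wait for it.
start_vulnapp() {
    host_port="${1:-$APP_PORT}"
    if port_in_use "$host_port"; then
        echo "host port $host_port is already in use; pick another, e.g. $0 start 9001" >&2
        return 1
    fi
    docker build -t "$IMAGE" .
    docker rm -f "$CONTAINER" >/dev/null 2>&1 || true
    # shellcheck disable=SC2046  (word splitting of the -p argument is intended)
    docker run --name "$CONTAINER" $(docker_port_arg "$host_port") -d "$IMAGE"
    wait_for_app "$(target_url "$host_port")" || { docker logs "$CONTAINER" >&2; return 1; }
}

# Usage: ./run-vulnapp.sh start [HOST_PORT]   |   ./run-vulnapp.sh stop
case "${1:-}" in
    start) start_vulnapp "${2:-}" ;;
    stop)  docker rm -f "$CONTAINER" ;;
esac
```

Run it from the cloned repository directory (where the Dockerfile lives); with `start 9001` the target becomes https://localhost:9001/, which is the URL to hand to Arachni instead of the default port 9000 one.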

Testing the application with Arachni and ModSecurity

The ARACHNI.MD file contains an example of a default security scan with automatic login and a few other tweaks enabled. For more scanning options, see https://github.com/Arachni/arachni.

The ModSecurity scripts that protect this application are available in my other repository.

The article I wrote explaining how to use Arachni to check this application is available on LinkedIn.

If there is any problem running the application, or you want to add more security flaws, feel free to open an issue or send a pull request.
