sasanlabs / vulnerableapp-jsp Goto Github PK
View Code? Open in Web Editor NEWVulnerable Application specifically containing vulnerabilities related to jsp.
License: Apache License 2.0
vulnerableapp-jsp's People
Contributors
Stargazers
Watchers
vulnerableapp-jsp's Issues
Add contributing guidelines and how to run this project
There is no details on how to run this project and how to do the changes. Also there are no contributing guidelines. Please add them.
Debugger configuration and IDE support
VulnerableApp-jsp is in very initial phase and we are building this project manually by running ./gradlew build
and then starting docker to start the project.
For development, it is quite tedious and there is no way to debug the code.
Solution
- Adding the IDE setup for the project, using tomcat
- Clear guidelines to set up the IDE
- Adding support for debugging.
Integrating a simple framework on outlining how to add vulnerabilities
Currently this project is at a very initial state and there is not mention on how to write vulnerabilities so that it can scale. Add those details such that it is easier for someone to follow and add those.
Add scanner endpoint to the application
Every application which ties to Owasp VulnerableApp-Facade/VulnerableApp has a scanner endpoint that exposes information about VulnerableApplication which will be used by DAST tools like OWASP ZAP.
we already exposed this information in Owasp VulnerableApp: https://github.com/SasanLabs/VulnerableApp/blob/master/src/main/java/org/sasanlabs/controller/VulnerableAppRestController.java#L91
we would like to expose similar information. If you want to look at how it works then start OWASP VulnerableApp-facade application using https://github.com/SasanLabs/VulnerableApp-facade#simple-start and then visit: http://localhost/VulnerableApp/scanner endpoint, you will see the JSON exposed. we need a similar JSON structure from VulnerableApp-jsp as well.
Adding logger integration
We are currently using println logs which is not right as it gets removed once we close the terminal. we can do the log4j integration with the project.
A github action to publish the docker images
Currently we don't have a continuous deployment pipeline for deploying new docker images on merging the PR. So we should have a github action which publish latest version with each PR merge and a master github action to publish a newer release version.
Sample github action: https://github.com/SasanLabs/VulnerableApp-facade/blob/main/.github/workflows/docker.yml
Write design documentations and readme
There is no information about VulnerableApp-jsp and how it is used. please add all these details.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.