sasanlabs / vulnerableapp-jsp
Vulnerable Application specifically containing vulnerabilities related to jsp.
License: Apache License 2.0
There are no details on how to run this project and how to make changes. Also, there are no contributing guidelines. Please add them.
VulnerableApp-jsp is in a very initial phase and we are building this project manually by running ./gradlew build and then starting docker to start the project.
For development, it is quite tedious and there is no way to debug the code.
Solution
Currently this project is at a very initial state and there is no mention of how to write vulnerabilities so that it can scale. Add those details such that it is easier for someone to follow and add those.
Every application which ties to OWASP VulnerableApp-Facade/VulnerableApp has a scanner endpoint that exposes information about VulnerableApplication which will be used by DAST tools like OWASP ZAP.
We already exposed this information in OWASP VulnerableApp: https://github.com/SasanLabs/VulnerableApp/blob/master/src/main/java/org/sasanlabs/controller/VulnerableAppRestController.java#L91
We would like to expose similar information. If you want to look at how it works, then start the OWASP VulnerableApp-facade application using https://github.com/SasanLabs/VulnerableApp-facade#simple-start and then visit the http://localhost/VulnerableApp/scanner endpoint; you will see the JSON exposed. We need a similar JSON structure from VulnerableApp-jsp as well.
We are currently using println logs, which is not right as they get removed once we close the terminal. We can do the log4j integration with the project.
Currently we don't have a continuous deployment pipeline for deploying new Docker images on merging the PR. So we should have a GitHub Action which publishes the latest version with each PR merge and a master GitHub Action to publish a newer release version.
Sample github action: https://github.com/SasanLabs/VulnerableApp-facade/blob/main/.github/workflows/docker.yml
There is no information about VulnerableApp-jsp and how it is used. Please add all these details.