GithubHelp home page GithubHelp logo

dvna-sqlite's Introduction

Damn Vulnerable NodeJS Application (DVNA)

dvna-logo

Damn Vulnerable NodeJS Application (DVNA) is a simple NodeJS application to demonstrate OWASP Top 10 Vulnerabilities and guide on fixing and avoiding these vulnerabilities. The fixes branch will contain fixes for the vulnerabilities. Fixes for vunerabilities OWASP Top 10 2017 vulnerabilities at fixes-2017 branch.

The application is powered by commonly used libraries such as express, passport, sequelize, etc.

The application comes with a developer friendly comprehensive guidebook which can be used to learn, avoid and fix the vulnerabilities. The guide available at https://appsecco.com/books/dvna-developers-security-guide/ covers the following

  1. Instructions for setting up DVNA
  2. Instructions on exploiting the vulnerabilities
  3. Vulnerable code snippets and instructions on fixing vulnerabilities
  4. Recommendations for avoid such vulnerabilities
  5. References for learning more

The blog post for this release is at https://blog.appsecco.com/damn-vulnerable-nodejs-application-dvna-by-appsecco-7d782d36dc1e

Getting Started (SQLite)

  • Start the application using below docker command
docker run --name dvna -p 9090:9090 -d appsecco/dvna:sqlite

TODO

  • Link commits to fixes in documentation
  • Add new vulnerabilities from OWASP Top 10 2017
  • Improve application features, documentation

Contributing

In case of bugs in the application, please create an issue on github. Pull requests are highly welcome!

Thanks

Abhisek Datta - abhisek for application architecture and front-end code

License

MIT

dvna-sqlite's People

Contributors

subashsn avatar sns-temp avatar abhisek avatar madhuakula avatar audibleblink avatar 0xbharath avatar shivankar-madaan avatar

Watchers

James Cloos avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.