The web application is a demonstrator of the use of static analysis tools for web applications, developed for the Security Verification and Testing course of Politecnico di Torino. It is based on a React front-end and an Express back-end.
- documentation: contains the description of the project, including the static analysis tools report
- exploits: contains the script used to execute the exploits
- web-app-secure: contains the source code of the secure web application
- web-app-vulnerable: contains the source code of the vulnerable web application
- Ubuntu (tested on 22.04, 24.04)
- Firefox Browser
- Install npm
```bash
sudo apt install npm
```
- Install curl
```bash
sudo apt install curl
```
- Install nvm (Node Version Manager)
```bash
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.0/install.sh | bash
```
- Reload the shell configuration so that nvm is on the PATH
```bash
source ~/.bashrc
```
- Install node.js version 21
```bash
nvm install 21
```
- Install dependencies
```bash
# Run in web-app-vulnerable/server
npm install
# Run in web-app-vulnerable/client
npm install
# Run in web-app-secure/server
npm install
# Run in web-app-secure/client
npm install
```
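As an added helper (not part of the course project), the script below runs the dependency installation for all four packages in one go and first checks that the active node.js has the major version required above (21). It assumes it is run from the repository root and that `node` and `npm` are already on the PATH.

```bash
#!/usr/bin/env bash
# Added helper, not part of the course project: installs the dependencies of
# the four npm packages and checks that the active node.js has the major
# version the README asks for (21). Assumed to run from the repository root
# (the directory containing web-app-vulnerable/ and web-app-secure/).
set -eu

REQUIRED_NODE_MAJOR=21
# Package directories that need `npm install` (taken from the README).
PACKAGE_DIRS="web-app-vulnerable/server web-app-vulnerable/client web-app-secure/server web-app-secure/client"

# Return 0 if a `node -v` string such as "v21.7.3" has the expected major version.
check_node_major() {
  version="$1"; expected="$2"
  major="${version#v}"        # strip the leading "v"
  major="${major%%.*}"        # keep everything before the first "."
  case "$major" in
    ''|*[!0-9]*) return 1 ;;  # not a number, so not a valid node version
  esac
  [ "$major" -eq "$expected" ]
}

# Run `npm install` in one package directory; fail if it is not a package.
install_package() {
  dir="$1"
  if [ ! -f "$dir/package.json" ]; then
    echo "error: $dir/package.json not found (run from the repository root?)" >&2
    return 1
  fi
  echo "==> npm install in $dir"
  (cd "$dir" && npm install)
}

main() {
  if ! check_node_major "$(node -v)" "$REQUIRED_NODE_MAJOR"; then
    echo "error: node.js $REQUIRED_NODE_MAJOR required, found $(node -v); run 'nvm install $REQUIRED_NODE_MAJOR'" >&2
    exit 1
  fi
  for d in $PACKAGE_DIRS; do
    install_package "$d"
  done
  echo "Done: now run 'npm start' in each server and client directory as described above."
}

# Only run when invoked as `bash setup.sh setup`, so the functions can also be
# sourced and reused in other scripts.
if [ "${1:-}" = "setup" ]; then
  main
fi
```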
- Run the vulnerable web application
```bash
# Run in web-app-vulnerable/server
npm start
# Run in web-app-vulnerable/client
npm start
```
You can then enter the web app by visiting http://localhost:3000
- Run the secure web application
```bash
# Run in web-app-secure/server
npm start
# Run in web-app-secure/client
npm start
```
In order to let the browser trust the self-signed certificate, the following steps need to be followed (just once, on first start):
- Navigate to https://localhost:3001/
- Click "Advanced"
- Click "Accept the Risk and Continue"
After this, you can enter the web app by visiting http://localhost:3000