This application and exercises will take you through some of the OWASP top 10 Vulnerabilities and how to prevent them.
- Install Docker for MacOS or Windows. You'll need to create a Docker account if you don't already have one.
git clone git://github.com/ScaleSec/vulnado
cd vulnado
docker-compose up
- Open a browser and navigate to the client to make sure it's working: http://localhost:1337
- Then back in your terminal verify you have connection to your API server:
nc -vz localhost 8081
The docker network created by docker-compose
maps pretty well to a multi-tier architecture where a web server is publicly available and there are other network resources like a database and internal site that are not publicly available.
- SQL Injection
- XSS - Cross Site Scripting
- SSRF - Server Side Request Forgery
- RCE - Remote Code Execution & Reverse Shell
In case you would like to try some remote debugging with jdb, you may
docker-compose up --build -d
docker cp vulnado_vulnado_1:/vulnado-0.0.1-SNAPSHOT.jar .
- Use JD-GUI [https://github.com/java-decompiler/jd-gui] to decompile the jar
- Change the file structure, so that the remote debugging can be successfully done
jdb -sourcepath ./ -connect com.sun.jdi.SocketAttach:hostname=localhost,port=5005
- Set breakpoints using jdb
stop in com.scalesec.vulnado.LoginController:20