NodeGoat

The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

Results 54 NodeGoat issues

- chore: update gitignore - chore: update file with Snyk Code IDE plugin file for local

The first commit moves the tutorial routes out of `routes/index.js` and into a separate router. This is to avoid cluttering the top-level route setup with the tutorial routing code. The...

Hi, after performing a DoS attack on the profile page, the application went down and is not working.

### Context - This is part of release-1.5 #148 - References Issue: #158 ### Tasks - [x] Remove dependency `bcrypt-nodejs` in `package.json` - [x] Add dependency `bcrypt` in `package.json` -...

enhancement

Hi, the ReDoS example uses two regular expressions which are missing start and end anchors: https://github.com/OWASP/NodeGoat/blob/e2dffdb8c7e988c10bacdccba14d6f0d352c5090/app/routes/profile.js#L58-L59 These regular expressions accept values such as `evil123#evil`. How about: 1/ fixing these two...

Hi, I noticed that commit https://github.com/OWASP/NodeGoat/commit/7c293e721bd1e95be6f82475d295b9b10e3b584e has broken the XSS example. 1/ The `website` property is not saved in the database. Thus it will never be displayed. https://github.com/OWASP/NodeGoat/blob/e2dffdb8c7e988c10bacdccba14d6f0d352c5090/app/routes/profile.js#L82-L91 2/ The...

Hi all! In the last months we were focused on improving the codebase with tests, mostly e2e tests and CI. Now we are more confident in the source code and...

enhancement
decisions

### Context - This is part of `release-1.5` #148 - MEDIUM priority task ### Tasks - [ ] Remove dependency `bcrypt-nodejs` in `package.json` - [ ] Add dependency `bcrypt` in...

task
help wanted
priority: MEDIUM
Good first issue
js