NodeGoat

The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

Results 54 NodeGoat issues

Replaced stale links with appropriate alternatives and added dependabot links. Fixes #234

Hello, The 6th link [bithound](http://www.bithound.io/) should be removed from the [page](https://nodegoat.herokuapp.com/tutorial/a9) as it's not a Nodejs service anymore but a casino website. Cheers, Genia.

Looking at [NodeGoat's results on LGTM.com](https://lgtm.com/projects/g/OWASP/NodeGoat?mode=list), alongside the expected vulnerabilities there are some more alerts. Most are minor issues, but one is for this unexpected vulnerability: https://lgtm.com/projects/g/OWASP/NodeGoat?mode=list&tag=external%2Fcwe%2Fcwe-022 The `/tutorial/:page` route...

This updates the E2E test workflow to record video of the cypress tests. The videos and screenshots for any failed test cases are uploaded as build artifacts. There will be...

### Context - This is part of `release-1.5` #148 - Critical task ### Tasks - [ ] Improve the speed of the e2e tests (almost 8 minutes now). Maybe videos...

enhancement
task
help wanted
priority: HIGH
testing

@ckarande Any thoughts on trashing the security regression tests now that purpleteam is in alpha and also an OWASP project? * https://github.com/OWASP/NodeGoat/wiki/NodeGoat-Security-Regression-tests-with-ZAP-API * https://github.com/OWASP/NodeGoat/blob/master/test/security/profile-test.js https://owasp.org/www-project-purpleteam/ Also any thoughts on how...

This adds a lint workflow and fixes the jshint errors so the workflow succeeds. Most of the changes were for doublequote/semicolon use and missing "use strict" directives. ~~(WIP: still need...

There are quite a few commits in `master` since the common base with `feature/187`. This is a WIP PR to merge them in. In particular, d1d5657f08756aa8056b50f2a6b70ce9fe6683a8 is needed in this...

Following discussion in #194 I've forked branch from @KoolTheba and started working on implementing new endpoints and examples of vulnerabilities. This Pull Request is still **WIP**. It was created to...

enhancement

# WIP. No Merge: ## Pending - [ ] Documentation - Readme root - Readme server-render - [ ] [Heroku](https://medium.com/@johntucker_48673/monorepo-on-heroku-in-typescript-part-1-cbe62082f7cf) ### Context - Related #187 ### Changelog - 805d251 server-render...

enhancement