vulnado: vulnerable Java application
Vulnado – Intentionally Vulnerable Java Application
This application and its exercises take you through some of the OWASP Top 10 vulnerabilities and how to prevent them.
The Docker network created by docker-compose maps well to a multi-tier architecture in which a web server is publicly available while other network resources, such as a database and an internal site, are not.
- Install Docker for MacOS or Windows. You’ll need to create a Docker account if you don’t already have one.
- git clone https://github.com/ScaleSec/vulnado
- cd vulnado
- docker-compose up
- Open a browser and navigate to the client to make sure it’s working: [http://localhost:1337](http://localhost:1337)
- Then back in your terminal verify you have a connection to your API server: nc -vz localhost 8080

Exercises:

- SQL Injection
- XSS – Cross Site Scripting
- SSRF – Server Side Request Forgery
- RCE – Remote Code Execution & Reverse Shell