Skip to content

Vulnerable application for security issues demo

License

Notifications You must be signed in to change notification settings

mishatimtim/vulnbank

 
 

Repository files navigation

VulnBank

This application emulates modern Web 2.0 application and has several vulnerabilities related to OWASP Top10, business logic or architecture-level issues.

Dependencies: PHP, MySQL

Vulnerabilities list:

  • Business logic issues
  • DOM-based Cross-Site Scripting (XSS)
  • Stored Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • Race Condition
  • XML External Entity (XXE)
  • Session Hijacking
  • Remote Code Execution (ImageTragick, CVE-2016-3714)

Features list:

  • Different API-types: XML, REST, ordinary POST-request
  • Nexmo SMS-gateway integration

Docker deployment

You can deploy ready-to-use container from vulnbank/vulnbank:

docker run --name vulnbank -p 80:80 -d vulnbank/vulnbank

Or build your own with following command:

docker build . -f Dockerfile

About

Vulnerable application for security issues demo

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 55.8%
  • CSS 21.2%
  • PHP 12.2%
  • HTML 5.6%
  • Less 2.7%
  • SCSS 1.2%
  • Other 1.3%