NodeGoat

The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

APACHE-2.0 License

NodeGoat - Release v1.4 (Latest Release)

Published by ckarande about 5 years ago

  • Addition of details on SSRF, context-specific XSS validations
  • Defect fixes
  • Updates to target Node.js version
  • Optimization to Docker config
  • Addition of integration tests with cypress
  • Travis CI integration

NodeGoat - Release 1.3

Published by ckarande over 6 years ago

  • Additional vulnerability examples
  • Update insecure dependencies
  • Fix documentation typos

This release includes:

  1. Code changes to use Express 4.x
  2. Deployment options for the NodeGoat app via a Docker image and "Deploy on Heroku" button
  3. Security tests using ZAP API

NodeGoat -

Published by ckarande almost 10 years ago

Release Notes:

  • Improvements to tutorial and addition of screencasts
  • Improved login page design
  • Changes to profile module to better demonstrate CSRF attack

NodeGoat - Essentials

Published by ckarande about 10 years ago

Changes since previous release:

  1. Allows setting an optional MONGODB_URL env variable
  2. Fix for issue #33