afifkhaidir / vuln_node_express

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Vulnerable Node Express

This is a vulnerable Node Express service meant to be used as a target for security testing tools.

Build and Run

Install NPM Dependencies

npm install

Initialize SQLite DB

node bootstrapdb.js

Run

DEBUG=myapp:* npm start

Build and Run with Docker

Build Docker Image

docker build --tag stackhawk/nodeexpressvulny .

Run Docker Container

docker run --rm --publish 3000:3000 --name nodeexpressvulny stackhawk/nodeexpressvulny

Build and Run in Docker Compose

docker-compose up --build --detach

Known Vulnerabilities

  • SQL Injection via search box. - item%' union all select * from user; --
  • Cross Site Scripting via search box. - <script>alert("hey guy");</script>

Key Takeaways

3 Types of Security Testing

  1. SCA (SW Composition Analysis) example: dependabot, snyk, FOSSA
  • operates on static code
  • scanning vuln on library/modules used by SW
  • fast
  1. SAST (Static Application Security Testing) example: CodeQL, sonarqube, checkmarx
  • operates on static code
  • scanning vuln by pattern on codebase
  • high false positives
  • slow
  1. DAST (Dynamic Application Security Testing) example: StackHawk, OWASP ZAP, burp suite
  • Operates on running code
  • Reports on suspected vuln
  • Slow

About


Languages

Language:JavaScript 85.1%Language:Pug 11.4%Language:Dockerfile 1.8%Language:CSS 1.7%