piWASTE - Purposely Insecure Web Application for Security Training and Education

Educational purposely insecure website for demonstrating web vulnerabilities. Originally developed as a student project in UniOulu 521479S Software Project course in 2020.

Run the server

Make sure you have FLASK_APP defined:

Linux:
export FLASK_APP=app
Windows:
set FLASK_APP=app

Enable debugging mode

Linux:
export FLASK_ENV=development
Windows:
set FLASK_ENV=development

Before running you need to initialize the database

flask init-db

And then run the server

flask run

Run the docker container

You can use docker-compose to run the server in a container which mounts the current working directory. So it's possible to edit the code while the container is running.

docker-compose up

To tear it down, you can just run:

docker-compose down

If you want to try building a clean container, you can build the image and run it:

docker build . -t piwaste
docker run -it --network=host piwaste # network=host is needed to be able to access it from the outside

Requirements

pip install -r requirements.txt

Running local tests

python -m pytest

About

Purposely Insecure Web Application for Security Training and Education (a 521479S Software Project 2020 course project)

MIT License

Languages

Language:HTML 57.0%Language:Python 36.1%Language:JavaScript 3.5%Language:CSS 3.0%Language:Dockerfile 0.5%Language:Shell 0.0%