Damn Simple Vulnerable Python Web Application

DSVPWA is a simple web application written in Python and mainly inspired by DSVW. It is deliberately vulnerable for educational purposes to demonstrate some of the OWASP TOP Ten security risks and other vulnerabilities. It supposed to be used locally in a virtual machine or in a Docker container.

Features

In comparison to other similar projects, this application also provides very basic session management and HTML templating. Currently it can be used to demonstrate the following security attacks and vulnerabilities:

Requirements

The project's goal is to be simple, hence the only requirement is Python 3.9. Note that some attacks or vulnerabilities might have additional requirements. However, most of the features should be still available on minimal configurations.

Usage

Standalone

You can simply run the standalone application with:

> python dsvpwa.py

Docker

You can build and run the application with an interactive shell (-it) in a container that is automatically removed (--rm) and bind the container's default port to the host (-p):

> docker build -t dsvpwa .
> docker run --rm -it -p 127.0.0.1:65413:65413 dsvpwa

Note that ports which are not bound to the host (i.e., -p 65413:65413 instead of -p 127.0.0.1:65413:65413) will be accessible from the outside.

Similar projects

Disclaimer

This is a vulnerable application and may compromise the security of your system. It is intended to be used for educational purposes only and should not be used with malicious intent. It is supposed to be used in safe, restricted, local environments. Default configuration binds to localhost to minimize the exposure. The author is not responsible for any damage or loss of data after using this software. Use it on your own risk!

About

Damn Simple Vulnerable Python Web Application

MIT License

Languages

Language:Python 57.4%Language:HTML 36.7%Language:CSS 3.4%Language:JavaScript 0.9%Language:Dockerfile 0.9%Language:Makefile 0.7%