From 76a43619a77b6249ef87a443ffcf0c5ed97b162c Mon Sep 17 00:00:00 2001 From: Liran Tal Date: Sat, 11 Jun 2022 15:16:04 +0300 Subject: [PATCH] docs: README file cleanup --- README.md | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index ab22640a0..c6934e408 100644 --- a/README.md +++ b/README.md @@ -3,14 +3,19 @@ Being lightweight, fast, and scalable, Node.js is becoming a widely adopted platform for developing web applications. This project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them. ## Getting Started + OWASP Top 10 for Node.js web applications: ### Know it! + [Tutorial Guide](http://nodegoat.herokuapp.com/tutorial) explaining how each of the OWASP Top 10 vulnerabilities can manifest in Node.js web apps and how to prevent it. ### Do it! + [A Vulnerable Node.js App for Ninjas](http://nodegoat.herokuapp.com/) to exploit, toast, and fix. You may like to [set up your own copy](#how-to-set-up-your-copy-of-nodegoat) of the app to fix and test vulnerabilities. Hint: Look for comments in the source code. + ##### Default user accounts + The database comes pre-populated with these user accounts created as part of the seed data - * Admin Account - u:admin p:Admin_123 * User Accounts (u:user1 p:User1_123), (u:user2 p:User2_123) 
@@ -73,11 +78,11 @@ The database comes pre-populated with these user accounts created as part of the ``` #### Customizing the Default Application Configuration + By default the application will be hosted on port 4000 and will connect to a MongoDB instance at localhost:27017. To change this set the environment variables `PORT` and `MONGODB_URI`. Other settings can be changed by updating the [config file](https://github.com/OWASP/NodeGoat/blob/master/config/env/all.js). - ### OPTION 2 - Run NodeGoat on Docker The repo includes the Dockerfile and docker-compose.yml necessary to set up the app and db instance, then connect them together. @@ -104,7 +109,6 @@ The repo includes the Dockerfile and docker-compose.yml necessary to set up the docker-compose up ``` - ### OPTION 3 - Deploy to Heroku This option uses a free ($0/month) Heroku node server. 
@@ -131,10 +135,9 @@ This will allow you to fix vulnerabilities in your own forked version, then depl The `` and `` fields need filling in with the details of the database user added earlier. The `` field sets the name of the database nodegoat will use in the cluster (eg "nodegoat"). The other fields will already be filled in with the correct details for your cluster. - ## Report bugs, Feedback, Comments -* Open a new [issue](https://github.com/OWASP/NodeGoat/issues) or contact team by joining chat at [Slack](https://owasp.slack.com/messages/project-nodegoat/) or [![Join the chat at https://gitter.im/OWASP/NodeGoat](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/OWASP/NodeGoat?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) +* Open a new [issue](https://github.com/OWASP/NodeGoat/issues) or contact team by joining chat at [Slack](https://owasp.slack.com/messages/project-nodegoat/) or [![Join the chat at https://gitter.im/OWASP/NodeGoat](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/OWASP/NodeGoat?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) ## Contributing @@ -145,10 +148,13 @@ Please Follow [the contributing guide](CONTRIBUTING.md) This project is bound by a [Code of Conduct](CODE_OF_CONDUCT.md). ## Contributors + Here are the amazing [contributors](https://github.com/OWASP/NodeGoat/graphs/contributors) to the NodeGoat project. ## Supports + - Thanks to JetBrains for providing licenses to fantastic [WebStorm IDE](https://www.jetbrains.com/webstorm/) to build this project. ## License + Code licensed under the [Apache License v2.0.](http://www.apache.org/licenses/LICENSE-2.0)
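Review bot: In the first hunk (`@@ -3,14 +3,19 @@`), the heading `##### Default user accounts` sits two levels below `### Do it!`. Since this cleanup already adjusts the spacing around it, change it to `#### Default user accounts` so the outline does not skip a level. The seed credentials listed under that heading are documented with no statement that they should be changed or removed on a copy that other people can reach. One sentence saying so would fit directly after the account list.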
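Review bot: In the `@@ -73,11 +78,11 @@` hunk, the config file link under `#### Customizing the Default Application Configuration` is an absolute URL pinned to `master` on the upstream repository, while the README links `CONTRIBUTING.md` and `CODE_OF_CONDUCT.md` with relative paths. A relative link to `config/env/all.js` would point readers of a fork or another branch at the file they actually run. The same paragraph also reads better with a comma: "To change this, set the environment variables `PORT` and `MONGODB_URI`."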
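Review bot: In the `@@ -131,10 +135,9 @@` hunk, the removed and added `* Open a new [issue]...` lines are identical in their visible text, so the change looks whitespace-only, yet the rewritten line still carries the `utm_source`, `utm_medium`, `utm_campaign` and `utm_content` tracking parameters on the Gitter badge link. Since the line is being touched anyway, link to `https://gitter.im/OWASP/NodeGoat` without the query string. This bullet uses `*` while the list under `## Supports` uses `-`, so the cleanup should also settle on one list marker.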
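Review bot: In the last hunk (`@@ -145,10 +148,13 @@`), the license link under `## License` still uses `http://` and keeps the sentence's full stop inside the link text. Suggest `[Apache License v2.0](https://www.apache.org/licenses/LICENSE-2.0).` so the link is fetched over TLS and the punctuation sits outside the brackets. In the context lines just above the hunk, "Please Follow" should be "Please follow".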