🔓 Onesie.life is a fictional social media network that has intentional vulnerabilities
docs
lib
public
.env.example
.gitignore
LICENSE
README.md
package-lock.json
package.json

README.md

💖

onesie.life

An intentionally insecure web application to highlight different web security concepts


This is an example application used by Dominik Kundel in his Introduction to Web Security talk. It intentionally contains a set of vulnerabilities to highlight different attack vectors as well as ways to fix them.

If you find any additional attack vectors, feel free to create an issue for it or alternatively create a pull request for this README to add it to the list of vulnerabilities.

Vulnerabilities

There is a variety of vulnerabilities present in this application. Check out the respective docs to learn more about them.

Security Measurements

Resources

Setup

This application is built with Node.js and uses Twilio Sync as a database at the moment.

Prerequisites

Make sure you have the following values stored in your environment variables:

# Your Twilio Account SID
TWILIO_ACCOUNT_SID=
# A Twilio API Key
TWILIO_API_KEY=
# A Twilio API Secret
TWILIO_API_SECRET=
# The SID of your Twilio Sync Service (can be 'default')
TWILIO_SYNC_SERVICE=default

Setup

git clone git@github.com:dkundel/onesie-life.git
cd onesie-life
npm install

Start Server

npm start

Open Page http://localhost:3000

License

MIT

Contributors