dkundel/onesie-life


💖

onesie.life

An intentionally insecure web application to highlight different web security concepts


This is an example application used by Dominik Kundel in his Introduction to Web Security talk. It intentionally contains a set of vulnerabilities to highlight different attack vectors as well as ways to fix them.

If you find any additional attack vectors, feel free to create an issue for it or alternatively create a pull request for this README to add it to the list of vulnerabilities.

Vulnerabilities

There is a variety of vulnerabilities present in this application. Check out the respective docs to learn more about them.

Security Measurements

Resources

Setup

This application is built with Node.js and uses Twilio Sync as a database at the moment.

Prerequisites

Make sure you have the following values stored in your environment variables:

# Your Twilio Account SID
TWILIO_ACCOUNT_SID=
# A Twilio API Key
TWILIO_API_KEY=
# A Twilio API Secret
TWILIO_API_SECRET=
# The SID of your Twilio Sync Service (can be 'default')
TWILIO_SYNC_SERVICE=default

Setup

git clone git@github.com:dkundel/onesie-life.git
cd onesie-life
npm install

Start Server

npm start

Open Page http://localhost:3000

License

MIT

Contributors

About

🔓 Onesie.life is a fictional social media network that has intentional vulnerabilities
