Skip to content

jharper-sec/evil-app

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
.github/workflows
.github/workflows
 
 
data
data
 
 
public
public
 
 
templates
templates
 
 
.gitignore
.gitignore
 
 
Dockerfile-app
Dockerfile-app
 
 
Dockerfile-contrast-service
Dockerfile-contrast-service
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
database.go
database.go
 
 
docker-compose.yml
docker-compose.yml
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
handlers.go
handlers.go
 
 
main.go
main.go
 
 
types.go
types.go
 
 

Repository files navigation

Introduction

Evil App is an intentionally vulnerable Golang application intended for learning about security vulnerabilities within Golang. Currently implemented vulnerabilities are:

  • SQL Injection
  • Reflected Cross-Site Scripting (XSS)

Upcoming vulnerabilities:

  • Command Injection
  • Path Traversal

Pre-Requisites

Normal

  • Go >= 1.16

Contrast

  • contrast-go >= 0.14.0
  • contrast-service >= 2.19.0

Normal Build/Run Instructions

Build

go build

Run

./evil-app

Contrast Build/Run Instructions

Build with Contrast

Must have contrast-go installed.

contrast-go build -o evil-app

Run with Contrast

  1. Download contrast_security.yaml from Contrast to application directory

  2. Start Contrast Service

contrast-service
  1. Start application
./evil-app

About

Vulnerable Golang Demo Application

Resources

Readme

License

MIT license
Activity

Stars

5 stars

Watchers

1 watching

Forks

11 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors 2

  •  
  •  

Languages