The purpose of this application is to show how not following the best practices for security can lead to exposure of confidential information to unauthorized user (e.g. hacker).
This is a simple Spring Boot application, also containing some frontend. What can be showcased here is:
- reading user entered information due to missing encryption (e.g. no SSL)
- performing SQL injection
- obtaining user admin password (weak/no password policy, inferior hashing function)
- etc.
Build using mvn clean package and run using java -jar hackme*.jar. There's a in-memory database created (see data.sql). You can then open browser at http://localhost:8080 and login using username: hframe and password: P4SSW0RD.