Being lightweight, fast, and scalable, Node.js is becoming a widely adopted platform for developing web applications. This project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them. Getting Started OWASP Top 10 for Node.js web applications: Know it! This application bundled a tutorial page that explains the OWASP Top 10 vulnerabilities and how to fix them. Once the application is running, you can access the tutorial page at http://localhost:4000/tutorial (or the port you have configured). Do it! A Vulnerable Node.js App for Ninjas to exploit, toast, and fix. You may like to set up your own copy of the app to fix and test vulnerabilities. Hint: Look for comments in the source code. Default user accounts The database comes pre-populated with these user accounts created as part of the seed data - Admin Account - u:admin p:Admin_123 User Accounts (u:user1 p:User1_123), (u:user2 p:User2_123) New users can also be added using the sign-up page. How to Set Up Your Copy of NodeGoat OPTION 1 - Run NodeGoat on your machine Install Node.js - NodeGoat requires Node v8 or above Clone the
FEATURES
ALTERNATIVES
Comprehensive reference guide for bug bounty hunters with detailed information on various vulnerabilities, platforms, tools, and best practices.
A knowledge base of analytics developed by MITRE based on the MITRE ATT&CK adversary model.
Instructions for setting up SIREN, including downloading Linux dependencies, cloning the repository, setting up virtual environment, installing pip requirements, running SIREN, setting up Snort on Pi, and MySQL setup.
Interactive challenges demonstrating attacks on real-world cryptography.
Collection of cybersecurity conference videos from GreHack 2018 covering various cutting-edge topics.
A collection of lab scripts and files for learning about containers and container internals.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
RoboShadow
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.