NodeGoat
0
Free
Being lightweight, fast, and scalable, Node.js is becoming a widely adopted platform for developing web applications. This project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them. Getting Started OWASP Top 10 for Node.js web applications: Know it! This application bundled a tutorial page that explains the OWASP Top 10 vulnerabilities and how to fix them. Once the application is running, you can access the tutorial page at http://localhost:4000/tutorial (or the port you have configured). Do it! A Vulnerable Node.js App for Ninjas to exploit, toast, and fix. You may like to set up your own copy of the app to fix and test vulnerabilities. Hint: Look for comments in the source code. Default user accounts The database comes pre-populated with these user accounts created as part of the seed data - Admin Account - u:admin p:Admin_123 User Accounts (u:user1 p:User1_123), (u:user2 p:User2_123) New users can also be added using the sign-up page. How to Set Up Your Copy of NodeGoat OPTION 1 - Run NodeGoat on your machine Install Node.js - NodeGoat requires Node v8 or above Clone the
FEATURES
The author has not provided features for this tool yet. If you are the author, please sign in or claim the tool to add features by clicking the icon above.
ALTERNATIVES
Intentionally vulnerable Kubernetes cluster environment for learning and practicing Kubernetes security.
Free
Cheat sheet with common enumeration and attack methods for Windows Active Directory.
Free
Deliberately vulnerable CI/CD environment with 11 challenges to practice security.
Free
Level 400 training to become a Microsoft Sentinel Ninja.
Free
A blog post discussing the differences between Solaris Zones, BSD Jails, VMs, and containers, with the author arguing that containers are not a real thing.
Free
A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries.
Free
A live archive of DEF CON CTF challenges, vulnerable by design, for hackers to play safely.
Free
Hacker wargames site with forums and tutorials, fostering a learning community.
Free
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Commercial
Resources
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Free
Security Operations
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Free
Blogs and News
System Two Security
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
Commercial
Security Operations
Aikido Security
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.
Commercial
Application Security
Permiso
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Commercial
IAM
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
Commercial
AI Security