Being lightweight, fast, and scalable, Node.js is becoming a widely adopted platform for developing web applications. This project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them. Getting Started OWASP Top 10 for Node.js web applications: Know it! This application bundled a tutorial page that explains the OWASP Top 10 vulnerabilities and how to fix them. Once the application is running, you can access the tutorial page at http://localhost:4000/tutorial (or the port you have configured). Do it! A Vulnerable Node.js App for Ninjas to exploit, toast, and fix. You may like to set up your own copy of the app to fix and test vulnerabilities. Hint: Look for comments in the source code. Default user accounts The database comes pre-populated with these user accounts created as part of the seed data - Admin Account - u:admin p:Admin_123 User Accounts (u:user1 p:User1_123), (u:user2 p:User2_123) New users can also be added using the sign-up page. How to Set Up Your Copy of NodeGoat OPTION 1 - Run NodeGoat on your machine Install Node.js - NodeGoat requires Node v8 or above Clone the
FEATURES
SIMILAR TOOLS
A practical guide to developing a comprehensive security monitoring and incident response strategy, covering incident response fundamentals, threat analysis, and data analysis.
A comprehensive guide to Nessus, a vulnerability scanner, covering data directories, binary directories, logs directories, plugin directories, advanced settings, API, and good practices.
Free and open-source cybersecurity training classes with multi-class learning paths for high-skill, high-pay job skills.
A comprehensive guide to incident response, providing effective techniques for responding to advanced attacks against local and remote network resources.
Comprehensive endpoint protection platform providing unified visibility and security for cloud workloads, endpoints, and containers.
Comprehensive security training platform for web developers, offering hands-on experience with real, vulnerable applications and concrete advice for securing code.
A comprehensive SQL injection cheat sheet covering various database management systems and techniques.
A condensed field guide for cyber security incident responders, covering incident response processes, attacker tactics, and practical techniques for handling incidents.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.