An app developed to teach web application security to Node.js web developers. It shows how each of the OWASP Top 10 vulnerability categories can manifest itself in a Node.js-specific way and provides the corresponding mitigation for each in an accompanying tutorial guide.
The entry includes two components: a vulnerable Node.js web application and a tutorial guide.
The web application manages retirement savings plans for employees of a fictitious corporation. Along with retirement savings balances, it handles sensitive personal information of employees, such as tax ID and date of birth, in an insecure way.
The accompanying tutorial guide explains each of the OWASP Top 10 vulnerabilities in depth, including how the attack scenario manifests in the target application and how to prevent it.
This project will be further enhanced and opened to the Node.js community for contributions under the OWASP Node.js Goat Project (https://www.owasp.org/index.php/OWASP_Node_js_Goat_Project).
Learning Objects Inc.
Thank you for the detailed feedback. I really appreciate it. I liked the suggestion of using Bootstrap Tour and GitHub diffs. I will enhance the app to incorporate your feedback. Thanks!
Spatial Automation Lab -- University of Wisconsin, Madison / 3D Systems / Bespoke Innovations