daniel-poirot/demo-nodegoat
NodeGoat: A deliberately insecure Node.js web application

This sample application is based on https://github.com/OWASP/NodeGoat.git.

Warning: The computer running this application will be vulnerable to attacks; please take appropriate precautions.

Running standalone

You can run NodeGoat locally on any machine with Node.js LTS installed.

  1. Place a contrast_security.yaml file into the application's root folder.
  2. Run npm install @contrast/agent for Assess or npm install @contrast/protect-agent for Protect.
  3. Create the Mongo DB:
    • If using a local Mongo DB instance, start mongod.
    • Update the db property in config/env/development.js to reflect your DB setup (format: mongodb://localhost:27017/<databasename>).
  4. Populate MongoDB with the seed data required for the app:
    • Run npm run db:seed to populate the DB. Pass the desired environment as an argument; if none is passed, "development" is the default.
  5. Start the server using npm start; the Contrast agent will already be enabled.
  6. Browse the application at http://localhost:4000/NodeGoat/
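A preflight script for the standalone steps above, added here as an example (not code from this repository or the upstream NodeGoat project): before npm start it checks that contrast_security.yaml is present, that a Contrast agent package is installed, and that the db property in config/env/development.js matches the mongodb://localhost:27017/<databasename> format. The package directories under node_modules/@contrast and the exact shape of the db line are assumptions about the project layout; the sample app root it builds is constructed for demonstration.

```shell
#!/bin/sh
# Preflight checks for the standalone setup (constructed example; not part of this
# repository or upstream NodeGoat). Assumes the README's layout: contrast_security.yaml
# in the app root, the agent under node_modules/@contrast/{agent,protect-agent}, and a
# `db` property in config/env/development.js shaped like mongodb://host:port/<dbname>.

# Return 0 if the URI has the form mongodb://<host>:<port>/<databasename>, else 1.
validate_mongo_uri() {
    printf '%s\n' "$1" | grep -Eq '^mongodb://[A-Za-z0-9.-]+:[0-9]{1,5}/[A-Za-z0-9_-]+$'
}

# Print the value of the `db` property from a config file such as
#   db: "mongodb://localhost:27017/nodegoat",
# Prints nothing if no such line exists.
extract_db_uri() {
    sed -n "s/^[[:space:]]*db:[[:space:]]*[\"']\([^\"']*\)[\"'].*/\1/p" "$1" | head -n 1
}

# Check an app root against README steps 1-3; returns the number of failed checks.
preflight() {
    root=$1; failures=0
    if [ ! -f "$root/contrast_security.yaml" ]; then
        echo "step 1: missing $root/contrast_security.yaml"; failures=$((failures + 1))
    fi
    if [ ! -d "$root/node_modules/@contrast/agent" ] &&
       [ ! -d "$root/node_modules/@contrast/protect-agent" ]; then
        echo "step 2: no Contrast agent under node_modules/@contrast"; failures=$((failures + 1))
    fi
    uri=$(extract_db_uri "$root/config/env/development.js" 2>/dev/null)
    if ! validate_mongo_uri "$uri"; then
        echo "step 3: db property missing or malformed: '$uri'"; failures=$((failures + 1))
    fi
    return "$failures"
}

# Build a constructed sample app root (placeholder files only) so the checks can be
# exercised offline; prints its path.
make_sample_root() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/nodegoat-preflight.XXXXXX")
    mkdir -p "$dir/node_modules/@contrast/agent" "$dir/config/env"
    echo "# placeholder Contrast config (constructed)" > "$dir/contrast_security.yaml"
    printf 'module.exports = {\n    db: "mongodb://localhost:27017/nodegoat",\n};\n' \
        > "$dir/config/env/development.js"
    echo "$dir"
}

preflight "$(make_sample_root)" && echo "preflight passed"
```

Run it from the application root as preflight "$PWD" (or source the file and call preflight directly) to get one line per failed step.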

Running in Docker

You can run NodeGoat within a Docker container.

  1. Place a contrast_security.yaml file into the application's root folder.
  2. Build the NodeGoat container image using docker-compose build. The Contrast v4 (Assess) agent is added automatically during the Docker build process.
  3. Run the container using docker-compose up; this starts a local mongodb container and the web server together.
  4. Browse the application at http://localhost:4000/NodeGoat/

Running in Azure (Azure App Service)

Pre-Requisites

  1. Place a contrast_security.yaml file into the application's root folder.
  2. Install Terraform from here: https://www.terraform.io/downloads.html.
  3. Install PyYAML using pip install PyYAML.
  4. Install the Azure CLI tools using brew update && brew install azure-cli.
  5. Log into Azure using az login so that your credentials are cached.
  6. Edit the variables.tf file (or add a terraform.tfvars) to add your initials, preferred Azure location, app name, server name and environment.
  7. Run terraform init to download the required plugins.
  8. Run terraform plan and check the output for errors.
  9. Run terraform apply to build the infrastructure you need in Azure; this outputs the web address of the application.
  10. Run terraform destroy when you would like to stop the app service and release the resources.

Updating the Docker Image

You can rebuild the Docker image by running two scripts in order:

  • image.sh
  • deploy.sh

License

Code licensed under the Apache License v2.0.
