Skip to content

j3ers3/Hello-Java-Sec

BranchesTags

Repository files navigation

☕️ Hello Java Sec Stage Build Status

Hello Java Security 通过结合漏洞场景和安全编码,帮助安全和研发团队理解漏洞原理,从而减少漏洞的产生,代码仅供参考 :)

  • 默认账号:admin/admin

Vulnerability

  • SQLi
  • XSS
  • RCE
  • Deserialization
  • SSTI
  • SpEL
  • SSRF
  • IDOR
  • Directory Traversal
  • Redirect
  • CSRF
  • File Upload
  • XXE
  • Actuator
  • Fastjson
  • Xstream
  • Log4shell
  • JNDI
  • Dos
  • Xpath
  • IPForgery
  • Jwt
  • Password Reset
  • more and more

Run

手工部署

配置数据库

导入数据库文件 src/main/resources/db.sql 配置数据库连接 src/main/application.properties

spring.datasource.url=jdbc:mysql://127.0.0.1:3306/test
spring.datasource.username=root
spring.datasource.password=1234567

编译并启动

使用JDK 1.8环境,高版本会报错

git clone https://github.com/j3ers3/Hello-Java-Sec
cd Hello-Java-Sec
mvn clean package -DskipTests
java -jar target/javasec-x.x.jar

Docker部署

git clone https://github.com/j3ers3/Hello-Java-Sec
cd Hello-Java-Sec
mvn clean package -DskipTests
docker-compose up

技术架构

  • Java 1.8
  • SpringBoot 2.4.1
  • Bootstrap 4.6.0
  • Codemirror 5.62.0

About

☕️ Java Security,安全编码和代码审计

Topics

code-audit java-sec java-vul

Resources

Readme
Activity

Stars

1.4k stars

Watchers

12 watching

Forks

223 forks
Report repository

Releases 6

v1.15 Latest
Nov 27, 2024
+ 5 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages