Damn Vulneable NodeJS Application (DVNA) is a simple NodeJS application to demonstrate OWASP Top 10 Vulnerabilities and guide on fixing and avoiding these vulnerabilities.
The application is powered by commonly used libraries such as express, passport, sequelize, etc.
It is aimed to be useful for developers with limited development expereience in NodeJS, and the fixes for the vulnerabilities will be available in the fixes branch in the repository.
This guide contains the following
- Instructions for setting up DVNA
- Instructions on exploiting the vulnerabilities
- Vulnerable code snippets and instructions on fixing vulnerabilities
- Recommendations for avoid such vulnerabilities
- References for learning more
Available on Github https://github.com/appsecco/dvna
This gitbook was generated from https://github.com/appsecco/dvna/tree/master/docs