The main goal of this project is to provide a laboratory for those who are interested in learning about web security development in a practical manner.
By provisioning a local lab via docker-compose, you will learn how to find, test and mitigate the most critical web application security risks.
These are vulnerable applications! 🔥
- A1 - Injection - CopyNPaste API
- A2 - Broken Authentication - Saidajaula Monster Fit
- A3 - Sensitive Data Exposure - Insecure Go Project
- A4 - XML External Entities (XXE) - ViniJr Blog
- A5 - Broken Access Control - Vulnerable Ecommerce API
- A6 - Security Misconfiguration - Vulnerable Wordpress Misconfig
- A7 - Cross-Site Scripting (XSS) - Gossip World
- A8 - Insecure Deserialization - Amarelo Designs
- A9 - Using Components With Known Vulnerabilities - Cimentech
- A10 - Insufficient Logging&Monitoring - GamesIrados.com
Nice! You can send us your mitigation of the vulnerability directly through a Pull Request, using the review requested 👀 label. We expect your mitigation proposal to have all the changes needed to completely fix the vulnerability and a short explanation on what you are doing. If you're feeling a bit lost, try having a look at this mitigation solution, it might help!
We encourage you to contribute to SecDevLabs! Please check out the Contributing to SecDevLabs guide for guidelines on how to proceed!
This project is licensed under the BSD 3-Clause "New" or "Revised" License - read LICENSE.md file for details.