afifkhaidir/vuln_node_express

JavaScript

Vulnerable Node Express

This is a vulnerable Node Express service meant to be used as a target for security testing tools.

Build and Run

Install NPM Dependencies

npm install

Initialize SQLite DB

node bootstrapdb.js

Run

DEBUG=myapp:* npm start

Build and Run with Docker

Build Docker Image

docker build --tag stackhawk/nodeexpressvulny .

Run Docker Container

docker run --rm --publish 3000:3000 --name nodeexpressvulny stackhawk/nodeexpressvulny

Build and Run in Docker Compose

docker-compose up --build --detach

Known Vulnerabilities

SQL Injection via search box. - item%' union all select * from user; --
Cross Site Scripting via search box. - <script>alert("hey guy");</script>

Key Takeaways

3 Types of Security Testing

SCA (SW Composition Analysis) example: dependabot, snyk, FOSSA

operates on static code
scanning vuln on library/modules used by SW
fast

SAST (Static Application Security Testing) example: CodeQL, sonarqube, checkmarx

operates on static code
scanning vuln by pattern on codebase
high false positives
slow

DAST (Dynamic Application Security Testing) example: StackHawk, OWASP ZAP, burp suite

Operates on running code
Reports on suspected vuln
Slow