A CTF web app designed to teach software developers application security by showcasing what vulnerable code looks like, how to write code to exploit the vulnerability, and how to write code to patch the vulnerability.
- Install Docker if it is not already installed.
- Run `docker compose -f docker-compose.dev.yaml up --build`. Wait for the application to finish starting before running the next command, especially on first run. The presence of this log line indicates the database is ready:
  `db_1 | 2021-03-22T22:37:00.973213Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.23' socket: '/var/run/mysqld/mysqld.sock' port: 3306 MySQL Community Server - GPL.`
- From another tab in your terminal, run `docker exec -it appseccheatcodes-web-1 flask db initialize` to initialize the database. This command also resets the database if you want to do that in the future.
- The web server is now accessible at `127.0.0.1:12300`
- Run `docker compose -f docker-compose.dev.yaml up --build`
- The web server is now accessible at `127.0.0.1:12300`
- Any changes made to the server code locally will be automatically reloaded in the docker container. Feel free to make changes and play around with the code to help you understand how it works better!
- Run `docker exec -it appseccheatcodes-db-1 mysql -p appsecdb` to open a shell that accesses the database. The password will be `test`.
  - `docker exec -it` opens an interactive terminal for a container
  - `appseccheatcodes-db-1` is the name of the database container
  - `mysql -p appsecdb` is the command to run within the interactive terminal (`appsecdb` is the name of the database)
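One way to script the wait from the first-run steps above, as an added example that is not part of the project: it polls the compose logs for the database readiness line and only then runs `flask db initialize`. The compose service name `db` (inferred from the `db_1` log prefix), the `--init` flag, and the function and variable names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the project's own code.
# Assumption: the compose service is called "db" (the page's log prefix is db_1).
LOG_CMD="${LOG_CMD:-docker compose -f docker-compose.dev.yaml logs db}"

# db_ready: read log text on stdin and succeed only when the real server has
# announced readiness on port 3306, as in the log line quoted on this page.
# On first run the MySQL image starts a temporary server that logs the same
# message with "port: 0", and the X Plugin logs its own "ready for
# connections" on port 33060. Neither means the web container can connect.
db_ready() {
    grep -Eq 'mysqld: ready for connections\..*port: 3306([^0-9]|$)'
}

# wait_for_db [tries]: poll the logs until db_ready succeeds or tries run out.
wait_for_db() {
    tries="${1:-60}"
    while [ "$tries" -gt 0 ]; do
        # $LOG_CMD is left unquoted on purpose so it splits into command + args.
        if $LOG_CMD 2>/dev/null | db_ready; then
            return 0
        fi
        tries=$((tries - 1))
        sleep "${POLL_SECONDS:-2}"
    done
    return 1
}

# Run with --init from a second terminal while "docker compose up" is running.
if [ "${1:-}" = "--init" ]; then
    if ! wait_for_db 60; then
        echo "database did not become ready in time" >&2
        exit 1
    fi
    # -it is dropped because a script may not have a TTY attached.
    docker exec appseccheatcodes-web-1 flask db initialize
fi
```
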