A Flask web application with several vulnerabilities to be exploited.
- Docker (& Docker compose)
- Python 3.6
$ docker-compose build
$ docker-compose up| CWE ID | CWE Name |
|---|---|
| CWE-79 | Improper Neutralization of Input During Web Page Generation (XSS) |
| CWE-97 | Improper Neutralization of Server-Side Includes (SSI) Within a Web Page |
| CWE-209 | Information Exposure Through an Error Message |
| CWE-307 | Improper Restriction of Excessive Authentication Attempts |
| CWE-331 | Insufficent Entropy |
| CWE-346 | Origin Validation Error |
| CWE-352 | Cross-Site Request Forgery |
| CWE-451 | UI Misrepresentation of Critical Information |
| CWE-614 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute |
| CWE-799 | Improper Control Of Interaction Frequency |
| CWE-837 | Improper Enforcement of Single, Unique Action |
| CWE-841 | Improper Enforcement Of Behavioral Workflow |
| CWE-1021 | Improper Restriction of UI layers or frames |