This repository has been archived by the owner on Jul 28, 2023. It is now read-only.

💖

onesie.life

An intentionally insecure web application to highlight different web security concepts


This is an example application used by Dominik Kundel in his Introduction to Web Security talk. It intentionally contains a set of vulnerabilities to highlight different attack vectors as well as ways to fix them.

If you find any additional attack vectors, feel free to create an issue for it or alternatively create a pull request for this README to add it to the list of vulnerabilities.

Vulnerabilities

There is a variety of vulnerabilities present in this application. Check out the respective docs to learn more about them.

Security Measurements

Resources

Setup

This application is built with Node.js and uses Twilio Sync as a database at the moment.

Prerequisites

Make sure you have the following values stored in your environment variables:

# Your Twilio Account SID
TWILIO_ACCOUNT_SID=
# A Twilio API Key
TWILIO_API_KEY=
# A Twilio API Secret
TWILIO_API_SECRET=
# The SID of your Twilio Sync Service (can be 'default')
TWILIO_SYNC_SERVICE=default

Setup

git clone git@github.com:dkundel/onesie-life.git
cd onesie-life
npm install

Start Server

npm start

License

MIT

Contributors