Vulnerable Node is a web application written in NodeJS that’s intentionally full of vulnerabilities.
Why? To test security tools, obviously.
The problem
When you create a security tool, you need something to test it with. Something with known vulnerabilities.
But most vulnerable applications out there are too simple. Or too old.
What does Vulnerable Node have?
All OWASP Top 10 vulnerabilities:
- SQL Injection
- XSS
- CSRF
- Path Traversal
- Command Injection
- And many more
But in a realistic application. Not a simple login form.
Real usage
+480 stars and used by:
- Companies to test their security tools
- Universities to teach web security
- Bug bounty hunters to practice
- Developers to learn how NOT to do things
If you develop security tools, this is for you.