Skip to content
/ vuln-spring Public

Intentionally Vulnerable Spring Application to test SAST tools.

4 stars 16 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

malikashish8/vuln-spring

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
.devcontainer
.devcontainer
 
 
.github
.github
 
 
.mvn/wrapper
.mvn/wrapper
 
 
db
db
 
 
src
src
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 
mvnw
mvnw
 
 
mvnw.cmd
mvnw.cmd
 
 
pom.xml
pom.xml
 
 

Repository files navigation

vuln-spring

Intentionally Vulnerable Spring Application to test coverage of SAST tools.

Vulnerabilities

Vulnerabilities are tagged with a comment with // Issue string. Searching for it in the whole code base should help find all vulnerabilities.

List

  • XSS - Reflected and Stored
  • SQLi
  • CSRF
  • SSRF
  • Hardcoded Secrets
  • Sensitive Data Exposure - Logging of Sensitive data
  • XXE
  • Open Redirect
  • Broken Access Control - JWT issues
  • Insecure Deserialization

Design

Mimic a banking app with SQLi DB for user details and an HTML interface written in Spring MVC.

Run for PoC

Docker

Simply run the following Docker Compose command after changing to code directory:

docker-compose up

This will run two containers. One for the Spring app and another for Maria DB. The app listens on http://127.0.0.1:8082 by default.

Develop

VS Code dev containers are used to develop this app. The configuration in .devcontainer also runs the db server.

ToDo

  • Add Bootstrap CSS so the web pages look better

About

Intentionally Vulnerable Spring Application to test SAST tools.

Resources

Readme
Activity

Stars

4 stars

Watchers

2 watching

Forks

16 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages