How to use this ? about nodegoat HOT 4 CLOSED

watching few videos, this is iust vulnerable Node.js web app ? is it this ? nothing more ?

from nodegoat.

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. this is text in https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project

so why not using the same simple formulation on this project ?

from nodegoat.

@ainthek Definitely nodegoat is not just a vulnerable app. We hope user of the project learns a) how vulnerabilities can manifest and exploited in node.js apps, and b) more importantly, how each of these vulnerabilities can be fixed.

Did you go through the tutorial? (the link to it is on the login page, just above the login box). In this tutorial each vulnerability is explained in detail in these sections -

• Short Description of the vulnerability
• Attack mechanics: explaining how each vulnerability can be exploited in the app using video screencasts
• How do I prevent it: explaining how to address the vulnerability
• Source code example: showing the actual fix required. The source code of the app also comes with comments and TODO statements at the place where fix should be applied.

Have already gone through all of the above, and still feel that it is just a useless node.js app?
If you missed to notice the tutorial exists, that is a good feedback and we should probably explain that better in README file.

from nodegoat.

Added a section in README, explaining usage.

from nodegoat.