shb7628/insecure-test-app
Insecure Test App

This application is intentionally vulnerable. It is designed as a test target for security scanners and SAST tools.

Do not deploy this in production.

Vulnerabilities

The app contains known security weaknesses including:

  • SQL Injection (CWE-89)
  • Path Traversal (CWE-22)
  • Cross-Site Scripting / XSS (CWE-79)
  • Cross-Site Request Forgery / CSRF (CWE-352)
  • Hard-coded Credentials (CWE-798)
  • Insufficiently Protected Credentials (CWE-522)
  • Missing Secure Cookie Attribute (CWE-614)

All 21 findings are pre-populated in the database on first startup.

Stack

  • Backend: FastAPI (Python)
  • Database: PostgreSQL 16
  • Auth: JWT via cookies, bcrypt password hashing
  • Templates: Jinja2
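The cookie weakness listed above (Missing Secure Cookie Attribute, CWE-614) applies directly to a stack that carries the JWT in a cookie. The following stdlib-only check is an added example, not code from this repository: it parses a Set-Cookie header the way a scanner would, reports which protective attributes each cookie lacks, and builds the hardened form of the same cookie. The cookie name access_token and the sample header value are constructed assumptions.

```python
from http.cookies import SimpleCookie

# Missing attribute -> what it means for a JWT carried in a cookie. The first
# entry is the weakness listed in this README (CWE-614); the other two are the
# flags a scanner usually reports alongside it.
REQUIRED_ATTRS = {
    "secure": "Secure flag missing (CWE-614): cookie is also sent over plain HTTP",
    "httponly": "HttpOnly flag missing: cookie is readable by page scripts",
    "samesite": "SameSite attribute missing: no cookie-level CSRF mitigation",
}

# Constructed sample header, not taken from the app: a JWT cookie issued with
# only a Path attribute. The cookie name is an assumption.
WEAK_HEADER = "access_token=HEADER.PAYLOAD.SIG; Path=/"


def audit_set_cookie(header_value: str) -> dict[str, list[str]]:
    """Parse one Set-Cookie header value and list the protections each cookie lacks."""
    jar = SimpleCookie()
    jar.load(header_value)  # parses attributes; bare Secure/HttpOnly become True
    findings: dict[str, list[str]] = {}
    for name, morsel in jar.items():
        findings[name] = [msg for attr, msg in REQUIRED_ATTRS.items() if not morsel[attr]]
    return findings


def hardened_set_cookie(name: str, token: str) -> str:
    """Build the Set-Cookie value a cookie-based JWT session should be issued with."""
    jar = SimpleCookie()
    jar[name] = token
    jar[name]["path"] = "/"
    jar[name]["secure"] = True      # HTTPS only (addresses CWE-614)
    jar[name]["httponly"] = True    # not exposed to document.cookie
    jar[name]["samesite"] = "Strict"
    return jar[name].OutputString()


if __name__ == "__main__":
    for cookie, missing in audit_set_cookie(WEAK_HEADER).items():
        print(cookie, "->", missing or "OK")
    fixed = hardened_set_cookie("access_token", "HEADER.PAYLOAD.SIG")
    print(fixed)
    print(audit_set_cookie(fixed))
```

Running the audit over the hardened header returns no findings, which is the round trip a SAST tool targeting this app should be able to confirm.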

Running

docker-compose up --build

Visit http://localhost:8000

Seed Data

On first startup, the app seeds:

  • Users:
    • armis-appsec-mcp@example.com / password (scanner user)
    • user@example.com / password
  • Vulnerabilities: 21 findings from an AI-powered SAST scan, viewable on the dashboard
