Skip to content
/ DSVPWA Public
forked from sgabe/DSVPWA

Damn Simple Vulnerable Python Web Application

License

MIT license
0 stars 85 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mtawadrousv/DSVPWA

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
db
db
 
 
docs
docs
 
 
dsvpwa
dsvpwa
 
 
ssl
ssl
 
 
static
static
 
 
templates
templates
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
dsvpwa.py
dsvpwa.py
 
 

Repository files navigation

Damn Simple Vulnerable Python Web Application

DSVPWA is a simple web application written in Python and mainly inspired by DSVW. It is deliberately vulnerable for educational purposes to demonstrate some of the OWASP TOP Ten security risks and other vulnerabilities. It supposed to be used locally in a virtual machine or in a Docker container.

Features

In comparison to other similar projects, this application also provides very basic session management and HTML templating. Currently it can be used to demonstrate the following security attacks and vulnerabilities:

Requirements

The project's goal is to be simple, hence the only requirement is Python 3.9. Note that some attacks or vulnerabilities might have additional requirements. However, most of the features should be still available on minimal configurations.

Usage

Standalone

You can simply run the standalone application with:

> python dsvpwa.py

Docker

You can build and run the application with an interactive shell (-it) in a container that is automatically removed (--rm) and bind the container's default port to the host (-p):

> docker build -t dsvpwa .
> docker run --rm -it -p 127.0.0.1:65413:65413 dsvpwa

Note that ports which are not bound to the host (i.e., -p 65413:65413 instead of -p 127.0.0.1:65413:65413) will be accessible from the outside.

Similar projects

Disclaimer

This is a vulnerable application and may compromise the security of your system. It is intended to be used for educational purposes only and should not be used with malicious intent. It is supposed to be used in safe, restricted, local environments. Default configuration binds to localhost to minimize the exposure. The author is not responsible for any damage or loss of data after using this software. Use it on your own risk! TEST

About

Damn Simple Vulnerable Python Web Application

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 57.4%
  • HTML 36.7%
  • CSS 3.4%
  • Other 2.5%