Skip to content

toronto-jug/owasp-nightmare

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
.mvn/wrapper
.mvn/wrapper
 
 
src
src
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
mvnw
mvnw
 
 
mvnw.cmd
mvnw.cmd
 
 
pom.xml
pom.xml
 
 

Repository files navigation

owasp-nightmare

A Spring Boot app showcasing a CSRF vulnerability and fix.

What does it do?

You can sign in to the app via Google login and post messages in a shared chat (stored in memory).

There is an accompanying static page that can be visited to demonstrate a CSRF attack.

Fixed Version

The fixed branch updates the application to resist CSRF attacks.

Running the App

Google Login

This application uses Google login. To setup Google login, follow the instructions here.

Running

You can run this app from the main method in the OwaspNightmareApplication class from your IDE of choice, or via Maven:

./mvnw spring-boot:run

You will need to configure the client ID and secret for your Google login client in the application.yml file or via runtime configuration (environment variables or system properties).

About

A Spring Boot app showcasing a CSRF vulnerability and fix

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages