The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

bithinalangot/NodeGoat

 
 

NodeGoat

Being lightweight, fast, and scalable, Node.js is becoming a widely adopted platform for developing web applications. This project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

How to Install and Run NodeGoat

Requirements

  1. Install Node.js - NodeGoat requires Node v0.10 or above
  2. Git command line tools - follow the setup instructions on GitHub or download here

Getting a Copy of the Code

Open a command prompt / terminal window and run the command below from the parent directory inside which you would like the NodeGoat code copied.
git clone https://github.com/OWASP/NodeGoat.git

Running Your Copy of the Code

  • Install node modules
cd NodeGoat
npm install 
  • Create and populate Mongo DB
    • If using a local Mongo DB instance, start mongod. If using a remote DB, skip to the next step.
    • Update the file config/env/development.js to reflect your DB setup.
    • Run the grunt task below to create the nodegoat DB and populate it with the seed data required for the application. Pass the desired environment as an argument. If not passed, "development" is the default:
grunt db-reset:development
npm start
  • Log in by creating a new user or using the accounts created as part of the seed data (u:user1 p:User1_123, u:user2 p:User2_123, u:admin p:Admin_123)

Customizing the Default Application Configuration

The default application settings (database URL, HTTP port, etc.) can be changed by updating the config file (https://github.com/OWASP/NodejsGoat/blob/master/config/env/all.js).

Contributing

Contributions from the community are key to making NodeGoat a high-quality, comprehensive resource. Let's make NodeGoat awesome together!

New to git? You may find these resources helpful:

Ways to Contribute

Depending on your preference, you can contribute in various ways. Here are the tasks planned for the upcoming release. To begin, inform the team about the task you would like to contribute to by opening an issue, sending a PR, or on Gitter Chat.

What is the Process

  1. Assign a task from the project task list to yourself.
  2. Implement changes in a fork.
  3. Once code is ready to commit, run:
grunt precommit

This command uses js-beautifier to indent the code and verifies the coding standards using jsHint. Resolve all jsHint errors before committing the code.

  4. Commit the changes, adding the issue number to the commit message.
  5. Submit a pull request.

Report bugs, Feedback, Comments

  • Open a new issue, or contact the team by joining the chat on Slack or on Gitter at https://gitter.im/OWASP/NodeGoat

License

Code licensed under the Apache License v2.0.

Contributors

Here are the amazing contributors to the NodeGoat project.

Supports

JetBrains

  • Thanks to JetBrains for providing licenses for the fantastic WebStorm IDE to build this project.
