
An insecure Node/Express REST API for use in Fortify demonstrations

fortify-presales/IWA-API-Node

IWA-API-Node

Overview

IWA-API-Node is an insecure NodeJS/ExpressJS REST API for use in Fortify demonstrations. It includes examples of bad and insecure code, which can be found using static and dynamic application security testing tools such as those provided by Fortify by OpenText.

The application is intended to provide the backend functionality of a typical "online pharmacy", including purchasing Products (medication) and requesting Services (prescriptions, health checks etc).

Please note: the application should not be used in a production environment!

Forking the Repository

In order to execute example scenarios for yourself, it is recommended that you "fork" a copy of this repository into your own GitHub account. The process of "forking" is described in detail in the GitHub documentation.

  • You can start the process by clicking on the "Fork" button at the top right.

Setting up the Development Environment

For this application to run you will require the following to be installed:

Clone the repository (preferably your fork from above) and then install all the required third-party packages using:

Running the Application

Install npm packages

npm i
npm i -g ts-node-dev

Populate MongoDB

node mongodb/populateDb.js all

Start Express API

npm run dev

The API should then be accessible at http://localhost:3000
