Insecure Go Project

This is a simple Golang API that contains an example of a Broken Authentication vulnerability.

What is Broken Authentication?

Definition from OWASP:

Application functions related to authentication and session management are often implemented incorrectly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities temporarily or permanently.

Requirements

To build this lab you will need Docker and Docker Compose.

Deploy and Run

After cloning this repository, you can type the following command to start the vulnerable application:

$ make install

Then simply check the /healthcheck route:

$ curl localhost:9999/healthcheck
WORKING!

Attack Narrative

To understand how this vulnerability can be exploited, check this section!

Mitigating the vulnerability

(Spoiler alert 🧐) To understand how this vulnerability can be mitigated, check this other section!

Contributing

Yes, please. ⚡