Conviso Vulnerable Web Application
This application was purposely coded insecurely, having a large number of vulnerabilities and bad practices. The idea is to simulate an initial blog structure, made by a novice programmer who made serious mistakes, leaving it vulnerable to numerous attacks.
We use this application for educational purposes only, making demonstrations on how to manually and automatically detect these vulnerabilities and also how to fix them.
$ git clone https://github.com/convisolabs/CVWA
$ cd CVWA
$ docker build -t cvwa .
$ docker container run -ti -p 8080:80 cvwaThe expectation boils down to two things:
- We expect you to perform a white-box analysis on the code in this repository, identifying risks and vulnerabilities, pointing out opportunities for improvement and the root causes of problems - with suggestion of fix.
- Document all this in a didactic, direct and comprehensive way in a PDF report that will be evaluated by our technical team.
What will be evaluated:
- Number of identified vulnerabilities/risks;
- Report narrative, grammar and organization;
- Depth of analyses;
- Analytical and critical thinking during analysis;
The report can be written in Portuguese or in English.
- Your contributions and suggestions are heartily ♥ welcome. See here the contribution guidelines. Please, report bugs via issues page.
- This work is licensed under MIT License.