Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

Security OWASP Top 10 Vulnerabilities Vulnerabilities: Injection, XSS, CSRF Injection

Brendan Whiting
seal-mask
.a{fill-rule:evenodd;}techdegree seal-36
Brendan Whiting
Front End Web Development Techdegree Graduate 84,735 Points
Posted by Brendan Whiting
.a{fill-rule:evenodd;}techdegree seal-36
Brendan Whiting
Front End Web Development Techdegree Graduate 84,735 Points

How do I do the setup for this course?

I see that there is a docker-compose file. I don't know how to use docker. I tried taking the Treehouse course on Docker but ran into some technical issues that I couldn't solve. Do i need to know docker in order to get this app up and running?

2 Answers

Zachary Betz
Zachary Betz
10,413 Points
Zachary Betz
Zachary Betz
10,413 Points

Yes, you need docker installed to use the sample owasp web app(s). Once you have docker installed, do the following to bring up the "vulnerable_app" (these same steps are in the included README file).

  1. Extract the Project Files to a folder of your choice
  2. Through command line, navigate to the "vulnerable_app" (for example, I'm on Windows OS, so I entered cd C:\Projects\owasp\vulnerable_app)
  3. Enter docker-compose up
  4. Open firefox and go to http://localhost:4000 and create a new user
Nekia McGee
Nekia McGee
4,491 Points
Nekia McGee
Nekia McGee
4,491 Points

The following worked for me which is located in the vulnerable_app\ReadME file. Also if using a Mac or Windows machine docker compose is included in your docker install so once you install docker you should be all set to continue with next steps. I hope this helps please feel free to ask as many questions as possible if you run into any issues!!! ^_^

OPTION 3 - Run NodeGoat on Docker

You need to install docker and docker compose to be able to use this option

The repo includes the Dockerfile and docker-compose.yml necessary to setup the app and the db instance then connect them together.

  • Change the db config in config/env/development.js to point to the respective Docker container. (This may already be the same in your development.js file, so you don't need to change anything just make sure yours matches the following.) db: "mongodb://mongo:27017/nodegoat",
  • Build the images: (Make sure you are in the following directory as customized to your file structure. Example- C:\Projects\owasp\vulnerable_app\config\env) docker-compose build
  • Run the app: docker-compose up

Open firefox and go to http://localhost:4000 and create a new user