Lab: API Mass Assignment & Excessive Data Exposure (OWASP API3:2023)
A modern AppSec lab demonstrating API Mass Assignment and Excessive Data Exposure (OWASP API3:2023) in a Node.js Express service.
Small, self-contained security labs you can run locally with the Docker CLI (Podman-compatible). Each lab includes a vulnerable build, a fixed build, and a short walkthrough.
A minimal, realistic container lab where you start as a low-privilege user (student) and escalate to root due to a dangerous sudoers rule.
A minimal Flask app that demonstrates common file upload risk patterns and how to fix them.
A focused case study demonstrating Broken Access Control via an Insecure Direct Object Reference (IDOR).
A minimal PHP + Apache lab that demonstrates how risky upload handling and command execution from user input can lead to full application compromise.
A minimal Flask app with a deliberately vulnerable login that is susceptible to SQL injection.
A small DevSecOps-focused lab demonstrating Server-Side Request Forgery (SSRF) in a controlled, container-only setup.
A minimal Flask app that demonstrates Server-Side Template Injection (SSTI) using Jinja2.
A Dockerized vulnerable web application demonstrating Stored Cross-Site Scripting (Stored XSS) using a simple support ticket system.
A containerized security lab demonstrating common JWT authentication and authorization flaws, including alg=none acceptance and insecure trust of user-controll…
A realistic DevSecOps-focused lab demonstrating Web Cache Poisoning using a containerized environment running Nginx as a reverse proxy cache and a Flask-based…