Django.nV: The Intentionally Vulnerable Django App
Seth Law
- Audience level: Novice
- Category: Security
Description
Django.nV is an intentionally vulnerable training tool built to help developers identify and test security vulnerabilities in the Django web framework. The Django.nV application will be used to demonstrate attacks, defenses, exploits, and the resolution of security vulnerabilities. The vulnerabilities include, but are not limited to, the OWASP Top 10, mass assignment, and many more.
Abstract
The application is still in development but will contain at least the following functionality:
- Simple project status - unauthenticated
  - To-do task list with descriptions of projects, due dates, and who is working on them
- Authentication
  - User options (change username, password)

**Roles**
- Admin - can create projects, remove them, and assign people
  - can see all projects/tasks
- Project Manager - can add tasks to a project, remove them, and assign people
  - can see only the tasks of the project given to him/her
- Project Team Member - can comment on tasks and mark them as done
  - can see only the tasks of the project given to him/her

To see some of nVisium’s previous open source projects please see the links below:
- Swift.nV
https://github.com/nVisium/Swift.nV
- Grails.nV
https://github.com/nVisium/grails.nV
- RailsGoat
https://github.com/OWASP/railsgoat
- GoatDroid
https://github.com/jackMannino/OWASP-GoatDroid-Project