carsdotcom/security_training_example
Security Training Example

This project demonstrates common web application security vulnerabilities and their secure implementations.

Files

  • server.js - Vulnerable server with intentional security flaws for educational purposes
  • safe_server.js - Secure implementation showing proper security practices

Vulnerabilities Demonstrated

1. Reflected XSS (Cross-Site Scripting)

  • Location: server.js lines 20-28
  • Issue: User input is directly inserted into HTML without sanitization
  • Test payload: <script>alert('xss')</script>
  • Impact: Malicious scripts can be executed in users' browsers

Running the Examples

Vulnerable Server

node server.js

Navigate to http://localhost:3000 and try the XSS payload.

Secure Server

node safe_server.js

Navigate to http://localhost:3000 to see the secure implementation.

Learning Objectives

Students will learn:

  • How XSS vulnerabilities occur
  • The importance of input validation
  • Output encoding techniques
  • Content Security Policy (CSP) implementation
  • Secure coding practices

Security Best Practices Demonstrated

  • Input validation and sanitization
  • Output encoding
  • Content Security Policy headers
  • Proper error handling
  • Security headers implementation

Educational Use

This project is designed for security training and educational purposes. The vulnerable code is intentionally left unfixed to demonstrate real-world security issues.
