DVFA: Damn Vulnerable Flask App 🕸🐍

The following Flask App is vulnerable to common web vulnerabilities (OWASP Top 10).

Currently supported vulnerabilities are:

Broken Access Control
Server-Side Request Forgery (SSRF)
XSS (stored and reflected)

Upcoming supported vulnerabilities:

CSRF

I added a small explanation about each vulnerability and a possible way to fix it on the landing page (index/root). The code might contain more specifics on how to fix the particular vulnerability.

Installation

# We'll be using a virtual environment for installing the dependencies
py -3 -m venv py3-venv
py3-venv\Scripts\activate

# Install dependencies (will soon be replaced by requirements.txt)
pip install flask
pip install flask_wtf

# Start the web app
py app.py

Previews

Click on the GIFs to open an enlarged view.

Broken Access Control

Server-Side Request Forgery (SSRF)

Cross-Site-Scripting (XSS)

To-Do's

Create requirements.txt
Remove Flask debugging
Add more vulnerabilities :)

Name		Name	Last commit message	Last commit date
Latest commit History 16 Commits
static		static
templates		templates
.gitignore		.gitignore
README.md		README.md
app.py		app.py
db.py		db.py
forms.py		forms.py
routes.py		routes.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

static

static

templates

templates

.gitignore

.gitignore

README.md

README.md

app.py

app.py

db.py

db.py

forms.py

forms.py

routes.py

routes.py

Repository files navigation

DVFA: Damn Vulnerable Flask App 🕸🐍

Installation

Previews

Broken Access Control

Server-Side Request Forgery (SSRF)

Cross-Site-Scripting (XSS)

To-Do's

About

Releases

Packages

Languages

maximilianmarx/DVFA

Folders and files

Latest commit

History

Repository files navigation

DVFA: Damn Vulnerable Flask App 🕸🐍

Installation

Previews

Broken Access Control

Server-Side Request Forgery (SSRF)

Cross-Site-Scripting (XSS)

To-Do's

About

Topics

Resources

Stars

Watchers

Forks

Languages