Skip to content

Latest commit

 

History

History

ecommerce-api

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
app
app
 
 
deployments
deployments
 
 
docs
docs
 
 
images
images
 
 
.gitignore
.gitignore
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 

README.md

Vulnerable Ecommerce API

This is a simple Golang web application that contains an example of a Broken Access Control vulnerability.

What is Broken Access Control?

Definition from OWASP:

Restrictions on what authenticated users are allowed to do are often not properly enforced. Attackers can exploit these flaws to access unauthorized functionality and/or data, such as access other users' accounts, view sensitive files, modify other users’ data, change access rights, etc.

Requirements

To build this lab you will need Docker and Docker Compose.

Deploy and Run

After cloning this repository, you can type the following command to start the vulnerable application:

$ make install

Then simply visit localhost:8888 !

Attack Narrative

To understand how this vulnerability can be exploited, check this section!

Mitigating the vulnerability

(Spoiler alert 🧐) To understand how this vulnerability can be mitigated, check this other section!

Contributing

Yes, please. ⚡