NodeGoat Versions Save

The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

v1.4

4 years ago
  • Addition of details on SSRF, Context specific XSS validations
  • Defect fixes
  • Updates to target Node.js version
  • Optimization to Docker config
  • Addition of integration tests with cypress
  • Travis CI integration

v1.3

6 years ago
  • Additional vulnerability examples
  • Update insecure dependencies
  • Fix documentation typos

v1.2

7 years ago

This release includes:

  1. Code changes to use Express 4.x
  2. Deployment options for the NodeGoat app via a Docker image and "Deploy on Heroku" button
  3. Security tests using Zap API

v1.1

9 years ago

Release Notes:

  • Improvements to tutorial and addition of screencasts
  • Improved login page design
  • Changes to profile module to better demonstrate CSRF attack

v1.0.1

9 years ago

Changes since previous release:

  1. Allows to set optional MONGODB_URL env variable
  2. Fix for issue #33