Evil App is an intentionally vulnerable Golang application for learning about security vulnerabilities in Golang. Currently implemented vulnerabilities are:
SQL Injection
Reflected Cross-Site Scripting (XSS)
Upcoming vulnerabilities:
Command Injection
Path Traversal
Pre-Requisites
Normal
Go >= 1.16
Contrast
contrast-go >= 0.14.0
contrast-service >= 2.19.0
Normal Build/Run Instructions
Build
go build
Run
./evil-app
Contrast Build/Run Instructions
Build with Contrast
contrast-go must be installed.
contrast-go build -o evil-app
Run with Contrast
Download contrast_security.yaml from Contrast into the application directory.