This application is intentionally vulnerable and created for educational purposes only. It should NEVER be deployed to production environments.
This security policy covers the intentional vulnerabilities included in this educational application.
This application contains the following intentional security vulnerabilities:
- SQL Injection
- Cross-Site Scripting (XSS)
- Insecure Authentication
- Broken Access Control
- Command Injection
- Insecure File Upload
- Sensitive Data Exposure
- Security Misconfiguration
- And many more...
Since this application is intentionally vulnerable, please do not report the intentional vulnerabilities as security issues. However, if you find any of the following, please report it by opening an issue in the GitHub repository:
- Unintended vulnerabilities that were not meant to be included
- Improvements to the educational content
- Issues with the documentation
This is an educational project and is not intended for production use. There are no "supported" versions in the traditional sense.
If you're using this application for learning:
- Never deploy to production
- Run only in isolated environments
- Use for educational purposes only
- Do not store real user data
- Do not use real credentials
- Use this application to learn about security vulnerabilities
- Practice identifying and fixing security issues
- Understand the impact of different vulnerability types
- Learn about secure coding practices by fixing the issues
This software is provided for educational purposes only. Users are responsible for ensuring they use this software in compliance with applicable laws and regulations. The authors are not responsible for any misuse of this software.