IWA-API-Node

Overview

IWA-API-Node is an insecure NodeJS/ExpressJS REST API for use in Fortify demonstrations. It includes some examples of bad and insecure code, which can be found using static and dynamic application security testing tools such as those provided by Fortify by OpenText.

The application is intended to provide the backend functionality of a typical "online pharmacy", including purchasing Products (medication) and requesting Services (prescriptions, health checks etc).

Please note: the application should not be used in a production environment!

Forking the Repository

In order to execute example scenarios for yourself, it is recommended that you "fork" a copy of this repository into your own GitHub account. The process of "forking" is described in detail in the GitHub documentation; you can start the process by clicking on the "Fork" button at the top right.

Setting up the Development Environment

For this application to run you will require the following to be installed:

Clone the repository (preferably your fork from above) and then install all the required third-party packages using:

Running the Application

Install npm packages

npm i
npm i -g ts-node-dev

Populate MongoDB

node mongodb/populateDb.js all

Start Express API

npm run dev

The API should then be accessible at http://localhost:3000