OWASP Node.js Goat

About OWASP NodeGoat

Being lightweight, fast, and scalable, Node.js is becoming a widely adopted platform for developing web applications. This project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

Getting Started

The source code for the OWASP NodeGoat Project is located in the GitHub repo. You can use it in a couple of ways:


Tutorial Guide explaining how each of the OWASP Top 10 vulnerabilities can manifest in Node.js web apps and how to prevent it.

Hands-on Lab

A Vulnerable Node.js App for Ninjas to exploit, toast, and fix. You may like to set up your own copy of the app to fix and test vulnerabilities.


Here are the amazing contributors to the NodeGoat project.


Code licensed under the Apache License v2.0.