Being lightweight, fast, and scalable, Node.js is becoming a widely adopted platform for developing web applications. This project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

1. Install Node.js - NodeGoat requires Node v0.10.*
2. Git command line tools - follow the setup instructions on GitHub or download here

Open a command prompt / terminal window and run the command below from the parent directory inside which you would like the NodeGoat code copied.

git clone https://github.com/OWASP/NodeGoat.git

0. Install node modules

cd NodeGoat
npm install

0. Create and populate local DB

1. Connect to mongod

2. From a system prompt, start mongo by issuing the mongo command

3. Paste contents of nodegoat_db_reset.js at root directory on mongo console

4. Add an entry for DB path in config/env/development.js as

var devConfig = {
  db: "mongodb://localhost/nodegoat" // path to local mongo db
  // any other dev specific entries here
};

0. Start server

grunt run

This starts the NodeGoat application at url http://localhost:5000/

The default application settings (database url, http port, etc.) can be changed by updating the [config file] (https://github.com/OWASP/NodejsGoat/blob/master/config/env/all.js).

Contributions from community are key to make NodeGoat a high quality comprehensive resource. Lets make NodeGoat awesome together!

New to git? You may find these resources helpful:

• GitHub's git tutorial
• git - the simple guide
• git tutorials and workflows

Depending on your preference, you can contribute in various ways. Here are tasks planned for upcoming release. To begin, inform team about task you would like to contribute on, or send any other suggestions you may have using NodeGoat Google Group.

1. Assign a task from project task list to yourself.
2. Implement the changes in a fork.
3. Once code is ready to commit, run command:

grunt precommit

This command indents code using js-beautifier and shows any jsHint errors. These coding conventions are checked using jsHint. Resolve all jsHint errors before committing the code.

4. Commit the changes by adding issue number into a commit message
5. Submit a pull request

Here are the amazing contributors to the NodeGoat project.

• Contact team by posting a message on NodeGoat Google Group

Code licensed under the Apache License v2.0.