Task

About application

A dumb vulnerable Node.js application built with Express.js that exposes a /screenshot endpoint. Screenshots are realized through Puppeteer which handles browser API via a Headless Chromium instance.

Setup

Fork this repository under your GitHub namespace
Install dependencies npm install
Run Docker container docker compose up
Take a screenshot curl -s http://localhost:80/screenshot?url=https://tidio.com
Screenshot should appear in app/screenshot directory

Your task

Prepare a detailed security assessment report that documents spotted vulnerabilities, weaknesses and misconfigurations. Propose recommendations and remediations. If you are able, provide a full attack chain or at least part of it.

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
app		app
.dockerignore		.dockerignore
.gitignore		.gitignore
.prettierrc		.prettierrc
README.md		README.md
docker-compose.yml		docker-compose.yml
package-lock.json		package-lock.json
package.json		package.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Task

About application

Setup

Your task

About

Uh oh!

Releases

Packages

Languages

dastaj/product-security-engineer-task

Folders and files

Latest commit

History

Repository files navigation

Task

About application

Setup

Your task

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages