This repository contains the source code for the deliberately vulnerable Mona Gallery web application used for security training purposes.
If you want to run the Mona Gallery application, you will require Docker. You can run the application with a simple docker compose up command. For more information on ports and services, see the Docker Compose file.
There are two users you can use to log into the app via the OIDC integration. For details, see the passwords file.
The Mona Gallery is a deliberately vulnerable web application containing several prevalent vulnerability types, such as SQL injection, XSS, and deserialization, among others. The application's codebase is diverse, utilizing multiple technologies, including Go, Python, JavaScript, and Java. An architecture diagram can be found below. We will use this application's codebase for this workshop.
The application's frontend is built with Vue.js 3 and Bootstrap 5, while authorization is managed through the Zitadel OIDC service implemented in Go. Middleware functions are handled in Python. The API layer is developed in Go, blob storage is implemented with MinIO, written in Java, and the database relies on SQLite. Each of these services is encapsulated in its own Docker container, resulting in a total of five images. To run the application, you can use Docker Compose.
This project is licensed under the terms of the MIT open source license. Please refer to MIT for the full terms.
See CODEOWNERS for the list of maintainers.
The support process is outlined in SUPPORT.md.