OWASP Node.js Goat

About OWASP NodeGoat

Being lightweight, fast, and scalable, Node.js is becoming a widely adopted platform for developing web applications. This project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

Getting Started

The source code for the OWASP NodeGoat Project is located at Github Repo. You can use it in a couple of ways:

Hands-on Lab

Set up your own copy of the app to fix and test vulnerabilities.


Here are the amazing contributors to the NodeGoat project.


Code licensed under the Apache License v2.0.