Advanced Web Threats II (Spring Boot)

This web application is intentionally vulnerable; once up and running, open up Burp Suite and write a security report

Application Requirements

Backend - Spring Boot, Postgresql, JDBC

Frontend - React, Node.js (built and served with Nginx)

Everything runs easy in – Docker

Admin Access

• Log in as superadmin@email.com : admin123

Base User

• Register with any username, email, and password

Project Structure

dvelupmint/

• backend/
  ├── src/
  ├── target/
  ├── Dockerfile
  └── pom.xml
• frontend/
  ├── node_modules/
  ├── public/
  ├── src/
  ├── Dockerfile
  ├── nginx.conf
  └── package.json
  

├── .env.example ← Copy to .env and fill values
├── docker-compose.yml
└── README.md

Quick Start (Docker)

1. Clone the repository

   git clone https://github.com/d-velopr/vuln-springboot-app.git
   
   cd vuln-springboot-app

2. Copy and adjust environment variables

   cp .env.example .env
   
   # edit .env
   APP_NAME=dvelupmint
   # Database
   DB_PASSWORD={Your-Database-Password}
   DB_NAME={Your-Database-Name}
   # JWT (A 33+ char. random string that is base 64 encoded)
   JWT_SECRET={Generate-A-Long-Random-Base-64-Encoded-Key}
   # Spring
   SPRING_PROFILES_ACTIVE=dev

3. Start everything with one command

   docker compose up -d --build

Open in browser:

Frontend → http://localhost:3000

Backend API → http://localhost:8080/api/…

(optional) pgAdmin → http://localhost:5050 (if enabled)

Shutdown Gracefully

docker compose down