Insecure Forum

An intentionally vulnerable Java Spring Boot web application designed for security testing and educational purposes.

⚠️ WARNING: This application contains deliberate security vulnerabilities and should NEVER be used in production.

Quick Start

# Build and run
mvn clean package
java -jar target/insecureforum-0.0.1-SNAPSHOT.war

# Or using Maven
mvn spring-boot:run

Access the application at http://localhost:8180

Default Credentials

admin/admin
eddy/eddy
john/john

Tech Stack

Java 8
Spring Boot 1.5.19
H2 Database (in-memory)
JSP/JSTL
Maven

Security Vulnerabilities

This application intentionally contains:

SQL Injection
Insecure authentication
Missing CSRF protection
No input validation
Plain text passwords

Testing

mvn test

Security Analysis

Use Fortify CLI for security scanning (see CLAUDE.md for detailed workflow).

Name		Name	Last commit message	Last commit date
Latest commit History 72 Commits
.github/workflows		.github/workflows
.mvn/wrapper		.mvn/wrapper
src/main		src/main
.dockerignore		.dockerignore
.gitignore		.gitignore
Dockerfile		Dockerfile
README.md		README.md
azure-pipelines.yml		azure-pipelines.yml
mvnw		mvnw
mvnw.cmd		mvnw.cmd
pom.xml		pom.xml
scan.bat		scan.bat
test.sh		test.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Insecure Forum

Quick Start

Default Credentials

Tech Stack

Security Vulnerabilities

Testing

Security Analysis

About

Uh oh!

Releases

Packages

Uh oh!

Languages

Santhosh26/insecureforum

Folders and files

Latest commit

History

Repository files navigation

Insecure Forum

Quick Start

Default Credentials

Tech Stack

Security Vulnerabilities

Testing

Security Analysis

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Languages

Packages