Brokencrystals

A Broken Application - Very Vulnerable!

Overview

Broken Crystals is a comprehensive benchmark application designed to showcase various common security vulnerabilities using modern web technologies. Built with a React-based web client and a Node.js server, it serves both OpenAPI and GraphQL endpoints, enabling developers to explore and understand potential security flaws in API designs. Users can easily navigate through the application and its associated documentation, including Swagger UI and GraphiQL, providing a hands-on approach to learning about application security.

This application not only emphasizes practical security features but also provides a platform for testing and experimenting against these vulnerabilities. With an organized structure that allows for effective testing and development, Broken Crystals serves as a critical learning tool for developers and security professionals alike.

Features

  • React-based Web Client & API: A modern, user-friendly interface built using React, allowing seamless interaction with the application.

  • OpenAPI and GraphQL Endpoints: Dual support for REST API and GraphQL endpoints, presenting flexible options for developers to work with.

  • JWT Authentication Vulnerabilities: Multiple endpoints demonstrate how broken JWT authentication can be exploited, providing real-life examples for educational purposes.

  • Comprehensive Testing Framework: Integrates with SecTester to run tests and validate vulnerabilities, aiding in effective security assessments.

  • Flexible Configuration Options: Offers an easily modifiable .env file to adjust API keys and target URLs, streamlining the setup process.

  • Extensive Documentation: Detailed API documentation available through Swagger and GraphiQL, guiding users through each component and endpoint.

  • In-depth Vulnerability Explanations: Clear descriptions of various vulnerabilities, such as Invalid Signature and KID Manipulation, help users understand the risks associated with poor security implementations.

Nest

A progressive Node.js framework for building efficient, scalable, and enterprise-grade server-side applications with TypeScript/JavaScript.

React

React is a widely used JavaScript library for building user interfaces and single-page applications. It follows a component-based architecture and uses a virtual DOM to efficiently update and render UI components.

ESLint

ESLint is a linter for JavaScript that analyzes code to detect and report on potential problems and errors, as well as enforce consistent code style and best practices, helping developers to write cleaner, more maintainable code.

GraphQL

A website that uses GraphQL as a query language to manage data fetching and state management. This includes features such as a strongly typed schema, client-side caching, and declarative data fetching to streamline data management and optimize website performance.

TypeScript

TypeScript is a superset of JavaScript, providing optional static typing, classes, interfaces, and other features that help developers write more maintainable and scalable code. TypeScript's static typing system can catch errors at compile-time, making it easier to build and maintain large applications.