IWA-API is an insecure NodeJS/ExpressJS REST API for use in Fortify demonstrations. It includes some examples of bad and insecure code - which can be found using static and dynamic application security testing tools such as those provided by Fortify by OpenText.
The application is intended to provide the backend functionality of a typical "online pharmacy", including purchasing Products (medication) and requesting Services (prescriptions, health checks etc).
Please note: the application should not be used in a production environment!
In order to execute example scenarios for yourself, it is recommended that you "fork" a copy of this repository into your own GitHub account. The process of "forking" is described in detail in the GitHub documentation
- you can start the process by clicking on the "Fork" button at the top right.
For this application to run you will require the following to be installed:
Clone the repository (preferably your fork from above) and then install all the required third-party packages using:
Install npm packages
npm install
Populate MongoDB
npm run populate-db-devStart Express API
npm run devThe API should then be accessible at https://localhost:3000