Skip to content

haltacademy/Web-Application-Lab-Docker-

Repository files navigation

Web Application Lab Docker

A Dockerized web application security training environment built with PHP and MySQL. This repository contains a collection of intentionally vulnerable labs designed for hands-on practice with common web application flaws such as SQL injection, cross-site scripting (XSS), command injection, file upload bypasses, authentication issues, XXE, IDOR, and a capstone challenge.

Docker PHP MySQL

⚠️ Security Notice

This project is intentionally vulnerable and is meant for educational and authorized security testing only.

  • Do not expose it to the public internet.
  • Use it only in isolated or private environments.
  • Destroy the environment when it is no longer needed.

Overview

The lab environment is designed to help learners practice and understand:

  • SQL Injection
  • Cross-Site Scripting (XSS)
  • Command Injection
  • File Upload Vulnerabilities
  • Authentication and Authorization weaknesses
  • XXE and IDOR concepts
  • A multi-step capstone challenge

Features

  • Fully containerized setup using Docker Compose
  • PHP-based vulnerable web app
  • MySQL database services for the labs and capstone
  • Simple onboarding flow for initial database setup
  • Instructor-friendly structure for walkthroughs and challenges

Prerequisites

Before getting started, ensure you have the following installed:

  • Docker Engine 24+
  • Docker Compose v2
  • At least 4 GB of RAM available

Quick Start

  1. Clone the repository:
git clone git@github.com:haltacademy/Web-Application-Lab-Docker-.git
cd Web-Application-Lab-Docker-
  1. Build and start the containers:
docker compose up --build -d
  1. Open the application in your browser:
http://localhost/
  1. Initialize the database if prompted:
http://localhost/init.php

After initialization, refresh the main page and begin the labs.

Services

The Docker environment includes the following services:

Service Purpose Access
Web App Main PHP application and labs http://localhost/
MySQL Lab DB Database for the training labs localhost:3306
MySQL Capstone DB Database for the capstone challenge localhost:3307

Lab Coverage

The repository includes the following categories of exercises:

  • Injection 0x01 / 0x02 / 0x03
  • XSS 0x01 / 0x02 / 0x03
  • Command Injection 0x01 / 0x02 / 0x03
  • File Upload 0x01 / 0x02 / 0x03
  • Authentication 0x01 / 0x02 / 0x03
  • XXE, IDOR, and Capstone modules

Project Structure

.
├── assets/              # Static assets and styling
├── capstone/            # Capstone challenge application
├── labs/                # Vulnerable lab pages and exercises
├── Dockerfile           # PHP + Apache container definition
├── docker-compose.yml   # Multi-container environment
├── init.php             # Database initialization for labs
├── init_init.php        # Additional initialization logic
├── db.php               # Database connection configuration
└── checks.php           # Basic app health checks

Useful Commands

Start the environment:

docker compose up -d

Stop the environment:

docker compose down

Stop and remove volumes:

docker compose down -v

Rebuild after code changes:

docker compose up --build -d

Notes

If the application shows a database-related error on first launch, visit the initialization page once and then refresh the main dashboard.

Contributing

Contributions and improvements are welcome. Please open an issue or submit a pull request with your proposed changes.

About

Web Security Lab

Topics

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages