Assignment from the course Cyber Security Base 2023 to create a web application that has at least five different flaws from the OWASP top ten list as well as their fixes. The application should have a backend.
In this implementation I made and fixed 5 vulnerabilities from the OWASP 2017 top 10 list: 1. SQL injection, 2. Broken Access Control, 3. Cryptographic Failure, 4. Cross-site Scripting (XSS) and 5. Broken authentication. The best way to find the vulnerabilities and fixes is to search the commits. I committed vulnerabilities and fixes as I found them.
Before you begin, ensure you have met the following requirements:
You have installed the latest version of Python
git clone https://github.com/Kimpulla/cyber-security-base-2023-project.git
python --version
pip --version
https://www.python.org/downloads/ for Python
https://pip.pypa.io/en/stable/installation/ for pip
pip install -r requirements.txt
To use cyber-security-base-2023-project, follow these steps:
python manage.py migrate
python manage.py runserver
Then open your browser and navigate to http://localhost:8000.
The application has a superuser: email: admin.admin@gmail.com, password: Superuser123, username: admin
In case you can't use the superuser, you can easily create one:
- Go to the project's source folder, project/src
- Run the following in the terminal: python manage.py createsuperuser
- Then fill in the username, password, etc.
By using this code, the user assumes the responsibility for the outcomes. The developers do not guarantee any results and are not liable for any damages or losses caused by the use of this application. We highly encourage users to understand the workings of the code before using it in a production environment.