Back
Lorem Ipsum Forum
Home.png)
.png)
.png)
.png)
.png)
.png)
Project Description:
For this project, our team was tasked to create two versions of a website. A secure and vulnerable version.
Our team was tasked to exploit 2 vulnerabilities that we have chosen from the OWASP Top 10 Web vulnerabilities. The vulnerable version of the website has been intentionally configured with OWASP Top 10 flaws, while the secure version is protected against chosen vulnerabilities.
The team members and our chosen vulnerabilities are as follows:
- Goh Ee Sheng – Injection, Cross-Site Scripting, Cross-Site Request Forgery, Security Misconfiguration
- Neo Zhan Ming Derrick – Security Misconfiguration, XML External Entity
- Ernest Ng Ming Yi – Insecure Deserialization, Insufficient logging & monitoring
- Eileen Teh Fang Ling– Broken Authentication, Broken Access Control
We were also motivated to add in additional security features and mitigate more than the chosen 2 vulnerabilities in the secure version of the website.
My Contributions:
- Enabled Flask's autoescape functionality to escape special characters to protect against Cross Site Scripting
- Create MySQL database management system for our application
- Ensure website is not susceptible to Injection
- Created custom Anti-CSRF token
- Implemented sending OTPs to email for registration of accounts
Github Repositories:
- Vulnerable Version: https://github.com/goheesheng/ASPJ_Forum_Vulnerable
- Secure Version: https://github.com/goheesheng/ASPJ_Forum
Vulnerability Scanning Tool:
- OWASP ZAP
Created Using:
- MySQL
- Python
- Flask
- WTForms
- MySQL-connector-python
- Cryptography
Detailed Report on Implemented Features
Report
Goh Ee Sheng © 2023