Archived

This repository has been archived on 2025-03-30. You can view files and clone it, but you cannot make any changes to it's state, such as pushing and creating new issues, pull requests or comments.

Vili Sinervä 1ed03f7d53

Add reminders for the upcoming vulnerabilities

2024-11-24 18:03:12 +02:00

783 B

Raw Blame History

Cyber Security Base course project 1

Purpose

A very insecure web app for the University of Helsinki Cyber Security Base -course. The point is to demonstrate common cyber security problems and their fixes.

Description of vulnerabilities

NOTE: More detailed description of problems coming soon.

I am using the 2021 OWASP Top Ten list.

LINK: https://github.com/VSinerva/csb-project-1

I am using the basic Django template, so no instructions are included.

FLAW 1:

Broken Access Control (Can delete another user's notes)

FLAW 2:

Cryptographic Failure (Weak/No password hashing)

FLAW 3:

SQL Injection (Unsanitized SQL query for search)

FLAW 4:

Identification and Authentication Failure (No password strength checks)

FLAW 5:

CSRF (No CSRF token for Delete)

783 B Raw Blame History

Cyber Security Base course project 1

Purpose

Description of vulnerabilities

783 B

Raw Blame History