Archived

A very insecure web app for the University of Helsinki Cyber Security Base -course

This repository has been archived on 2025-03-30. You can view files and clone it, but you cannot make any changes to it's state, such as pushing and creating new issues, pull requests or comments.

Find a file

Vili Sinervä 9e55b0a1ed Add new user registration		2024-11-25 16:19:45 +02:00
notes	Add new user registration	2024-11-25 16:19:45 +02:00
project	Reorder files	2024-11-24 16:45:26 +02:00
.gitignore	Initial commit	2024-11-24 14:20:48 +02:00
LICENSE	Initial commit	2024-11-24 14:20:48 +02:00
manage.py	Reorder files	2024-11-24 16:45:26 +02:00
README.md	Add reminders for the upcoming vulnerabilities	2024-11-24 18:03:12 +02:00

README.md

Cyber Security Base course project 1

Purpose

A very insecure web app for the University of Helsinki Cyber Security Base -course. The point is to demonstrate common cyber security problems and their fixes.

Description of vulnerabilities

NOTE: More detailed description of problems coming soon.

I am using the 2021 OWASP Top Ten list.

LINK: https://github.com/VSinerva/csb-project-1

I am using the basic Django template, so no instructions are included.

FLAW 1:

Broken Access Control (Can delete another user's notes)

FLAW 2:

Cryptographic Failure (Weak/No password hashing)

FLAW 3:

SQL Injection (Unsanitized SQL query for search)

FLAW 4:

Identification and Authentication Failure (No password strength checks)

FLAW 5:

CSRF (No CSRF token for Delete)