This application is built with Python Flask and teaches users how to attack and protect against OWASP Top 10 vulnerabilities.
The application intentionally contains multiple OWASP Top 10 vulnerabilities. The idea is that a user downloads it to a local environment, tests it for vulnerabilities (pen-testing), and then applies secure coding to the source code without breaking the app's functionality. Below is the basic training flow:
- First, test it with a black-box approach: try to find the vulnerabilities by exploiting the running application.
- Then, try to fix the vulnerable code with a white-box approach by fully inspecting the source code manually.
- Solutions can be found inside the "website/solutions" folders.
- git clone this repository to your local environment.
- Install the dependencies listed in requirements.txt.
- Execute main.py to start the application.
- The main site can be accessed at http://localhost:8080/.
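To illustrate the black-box-then-white-box loop on the first entry of the vulnerability list, here is an added example that is not code from this repository: a standard-library-only sketch (no Flask, so it runs anywhere) of a user lookup in its vulnerable "before" form next to its parameterised "after" form, plus the single-quote probe a black-box tester would send and the regression check that confirms the fix did not change the result for legitimate input. The table, function names and sample users are constructed for this example and do not correspond to the app's actual routes or data.

```python
import sqlite3

# Constructed sample data: a tiny users table like the one a Flask
# profile/login route would query. Not the repository's own schema.
SAMPLE_USERS = [
    (1, "alice", "alice@example.com"),
    (2, "bob", "bob@example.com"),
    (3, "carol", "carol@example.com"),
]


def make_db():
    """Build an in-memory SQLite database seeded with the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def vulnerable_lookup(conn, username):
    """The 'before' state: user input is pasted straight into the SQL text.

    Whatever the user types becomes part of the statement, so a quote in the
    input changes the structure of the WHERE clause instead of being data.
    """
    query = "SELECT id, username, email FROM users WHERE username = '%s'" % username
    return conn.execute(query).fetchall()


def safe_lookup(conn, username):
    """The 'after' state: the same query with a bound parameter.

    SQLite receives the statement and the value separately, so the input can
    only ever be compared against the username column; it cannot alter the query.
    """
    query = "SELECT id, username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def is_injectable(lookup, conn):
    """Minimal black-box check used during testing and again after the fix.

    The probe is not a real username, so a correct endpoint returns no rows.
    Returns True when the lookup leaks more rows than a legitimate query would.
    """
    probe = "' OR '1'='1"
    try:
        rows = lookup(conn, probe)
    except sqlite3.Error:
        # A syntax error on a lone quote is a red flag worth logging, but it is
        # not proof of data exposure, so it is reported as "not confirmed" here.
        return False
    return len(rows) > 1


def fix_preserves_functionality(conn, username):
    """Regression check for the white-box step: the hardened route must return
    exactly what the original returned for ordinary input."""
    return vulnerable_lookup(conn, username) == safe_lookup(conn, username)


if __name__ == "__main__":
    db = make_db()
    for label, fn in (("vulnerable", vulnerable_lookup), ("fixed", safe_lookup)):
        print(f"{label:10s} legit lookup: {fn(db, 'alice')}  injectable: {is_injectable(fn, db)}")
    print("fix keeps behaviour for normal input:", fix_preserves_functionality(db, "alice"))
```

Running the script shows the vulnerable version returning all three constructed users for the probe while the fixed version returns none, and both returning the same single row for a normal username, which is the "fix without breaking functionality" goal of the white-box step.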
Warning
Spoiler alert below! (For the black-box testing approach.)
| Vuln |
|---|
| SQL Injection |
| Stored XSS |
| Reflected XSS |
| LFI |
| Remote Code Execution |
| SSTI / RCE |
| CSRF |
| Insecure Session Management |
| XXE |
| IDOR |
| Security Misconfiguration and RCE |
Note
The app is still in development. I am planning to implement more soon.
gorigorisensei