NotesKeeper is a web application where users can read and write their notes anytime and anywhere, but it still contains several API-related bugs that need to be pointed out before the bad guys do their work. You can find the walkthrough on my blog.
Reference : OWASP Top 10

Vulnerability classes covered:
- Excessive Data Exposure
- Security Misconfiguration
- Broken User Authentication
- Cross Site Request Forgery
- Broken Access Controls

Challenges:
- Finding sensitive API endpoints leaking data
- Account Takeovers using Reset Password
- Rate Limiting on User Account Creation and Login Page
- Reading other's notes
- Updating other's notes
- JSON based CSRF
- Privilege Escalation from user to admin
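The defensive side of several of these challenges (reading and updating other users' notes, privilege escalation through a profile update, and rate limiting of login/signup attempts) comes down to a few server-side checks. The following is an added example written for this README, not NotesKeeper's own `app.py`: the class and method names, the in-memory store and the sample users are all assumptions, and no web framework is used so that it runs on its own.

```python
"""Added example (not NotesKeeper code): framework-agnostic defensive checks
for ownership of notes, mass assignment of the 'role' field, and rate limiting.
All names below are assumptions made for this illustration."""
from collections import deque
from dataclasses import dataclass
import time


class NotFound(Exception):
    """Raised both for 'no such note' and 'not your note' (see _authorized_note)."""


class TooManyRequests(Exception):
    """Raised when a key exceeds the sliding-window limit."""


@dataclass
class User:
    username: str
    email: str = ""
    role: str = "user"  # "user" or "admin"; only ever changed server-side


@dataclass
class Note:
    note_id: int
    owner: str
    body: str


# Mass-assignment defence: only these profile fields may be set from a request body.
UPDATABLE_PROFILE_FIELDS = frozenset({"email"})


class NotesService:
    """In-memory stand-in for the notes API with an ownership check on every access."""

    def __init__(self) -> None:
        self.users: dict[str, User] = {}
        self.notes: dict[int, Note] = {}
        self._next_id = 1

    def add_user(self, username: str, role: str = "user") -> User:
        user = User(username=username, role=role)
        self.users[username] = user
        return user

    def create_note(self, user: User, body: str) -> Note:
        note = Note(self._next_id, user.username, body)
        self.notes[note.note_id] = note
        self._next_id += 1
        return note

    def _authorized_note(self, user: User, note_id: int) -> Note:
        note = self.notes.get(note_id)
        # Same error for "missing" and "belongs to someone else": a distinct 403
        # would confirm that the id exists and make enumerating note ids easier.
        if note is None or (note.owner != user.username and user.role != "admin"):
            raise NotFound(note_id)
        return note

    def get_note(self, user: User, note_id: int) -> Note:
        return self._authorized_note(user, note_id)

    def update_note(self, user: User, note_id: int, body: str) -> Note:
        note = self._authorized_note(user, note_id)
        note.body = body
        return note

    def update_profile(self, user: User, payload: dict) -> User:
        """Copy only allow-listed fields; a 'role' key in the JSON body is ignored."""
        for key, value in payload.items():
            if key in UPDATABLE_PROFILE_FIELDS:
                setattr(user, key, value)
        return user


class SlidingWindowLimiter:
    """Allow at most `limit` events per `window` seconds for each key (e.g. client IP)."""

    def __init__(self, limit: int, window: float, clock=time.monotonic) -> None:
        self.limit = limit
        self.window = window
        self.clock = clock  # injectable so tests can advance time deterministically
        self._events: dict[str, deque] = {}

    def check(self, key: str) -> None:
        """Record one event for `key`, or raise TooManyRequests if the window is full."""
        now = self.clock()
        events = self._events.setdefault(key, deque())
        while events and now - events[0] >= self.window:
            events.popleft()
        if len(events) >= self.limit:
            raise TooManyRequests(key)
        events.append(now)


if __name__ == "__main__":
    svc = NotesService()
    alice, bob = svc.add_user("alice"), svc.add_user("bob")  # constructed sample users
    note = svc.create_note(alice, "alice's private note")
    try:
        svc.get_note(bob, note.note_id)
    except NotFound:
        print("bob cannot read alice's note")
    svc.update_profile(bob, {"email": "bob@example.test", "role": "admin"})
    print("bob's role is still", bob.role)
```

In a real Flask handler the `User` object would come from the server-side session rather than from anything in the request, the note id from the URL, and `SlidingWindowLimiter.check` would be called with the client address before the login or signup logic runs; `TooManyRequests` maps naturally to an HTTP 429 response.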

Setup:
- Install the requirements from requirements.txt
- Clone the repository
- python3 .\app.py

TODO:
- Adding more functionality to the admin panel
- Providing a defence mechanism (code change) for every vulnerability

Contact:
- Twitter : Divyanshu Diwakar