GithubHelp home page GithubHelp logo

noteskeeper's Introduction

Vulnerable API Lab

About

NotesKeeper is web application where users can read and write their notes from anytime and anywhere, but still there are some bugs related to API which needs to be pointed out before the bad guyz do their work. You can find the walkthrough on my blog

Vulnerabilities

Reference : OWASP TOP 10

  • Excessive Data Exposure
  • Security Misconfiguration
  • Broken User Authentication
  • Cross Site Request Forgery
  • Broken Access Controls

Goals

  • Finding sensitive API Endpoints leaking some Data
  • Account Takeovers using Reset Password
  • Rate Limiting on User Account Creation and Login Page
  • Reading other's notes
  • Updating other's notes
  • JSON based CSRF
  • Privilege Escalation from user to admin

Installation

  • Install the requirements from requiremet.txt
  • Clone the repository
  • python3 .\app.py

Future Work

  • Adding more functionalities in the Admin Panel
  • Providing Defence mechanism (code change) for every vulnerability

Creator

References

noteskeeper's People

Contributors

secthebit avatar

Stargazers

avatar avatar avatar avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.