White Hat’s Web Application Security project is a research-based security project built to demonstrate and educate users about web application security vulnerabilities. The Open Web Application Security Project, better known as OWASP, is a nonprofit foundation that works to improve the security of software. As part of this effort, OWASP publishes a list of the Top 10 Web Application Security Risks. This project focuses on six of the OWASP Top 10 risks:
● SQL injection
● Broken Authentication
● Sensitive Data Exposure
● Broken Access Control
● Cross-Site Scripting (XSS)
● Insufficient Logging and Monitoring
In order to demonstrate these risks, our team built two web applications for bullet journaling. The first application was built deliberately insecure and then tested for vulnerabilities. As vulnerabilities were detected in the insecure application, the second, secure application was built to be hardened against those risks. Documentation of the insecure application’s vulnerabilities, along with solutions for securing against them, was created and included in the repository as well as in links on the insecure site. This documentation also includes a “how to” that lets users see each exploit in action on the insecure site.
The applications are built using Python, the Flask framework, and numerous Python libraries to implement the backend of the websites. The databases are implemented using MySQL servers. Frontend development uses HTML, CSS, and the Bootstrap framework. Testing was done using the Chrome browser, and it is recommended that the project be viewed with it as well. The complete source code can be found on GitHub: https://github.com/cargillb/Capstone
While many online resources discuss web application vulnerabilities and provide isolated examples, our goal with this project is to create a resource where all of this information is centralized and presented in an environment where coders interested in learning about web security can quickly apply what they read and see the impact.
White Hats Poster