Share
## https://sploitus.com/exploit?id=7B01836F-6239-5E5B-AEF3-097555B4FB1D
# ๐ก๏ธ Web Application Security Project
## ๐ Overview
This project demonstrates a basic vulnerability assessment and security enhancement of a web application built using Flask.
The goal of this project was to:
- Identify common web vulnerabilities
- Exploit them for understanding
- Apply fixes to secure the application
---
## ๐ Vulnerabilities Identified
- SQL Injection (Authentication Bypass)
- Cross-Site Scripting (XSS)
- Weak Password Storage
- Error-Based SQL Injection
---
## ๐งช Testing Performed
The following tests were conducted:
- Manual browser-based testing
- SQL Injection using:
admin' OR '1'='1
- XSS testing using:
alert('XSS')
- Database inspection using SQLite Viewer
- Basic penetration testing techniques
---
## ๐ธ Screenshots
### ๐น User Interface (Login Page)

---
### ๐น User Registration Success

---
### ๐น Normal Login

---
### ๐น SQL Injection Attack

---
### ๐น SQL Error (Error-Based Injection)

---
## ๐ ๏ธ Fixes Implemented
- Parameterized queries to prevent SQL Injection
- Password hashing using werkzeug.security
- Input sanitization using escape()
- Security headers using Flask-Talisman
- Logging system for monitoring events
- Input validation for user data
---
## ๐งพ Logging
The application logs important events such as:
- User registration
- Login attempts (success and failure)
- Search queries
Logs are stored in:
security.log