Share
## https://sploitus.com/exploit?id=7B01836F-6239-5E5B-AEF3-097555B4FB1D
# ๐Ÿ›ก๏ธ Web Application Security Project

## ๐Ÿ“Œ Overview
This project demonstrates a basic vulnerability assessment and security enhancement of a web application built using Flask.

The goal of this project was to:
- Identify common web vulnerabilities
- Exploit them for understanding
- Apply fixes to secure the application

---

## ๐Ÿ” Vulnerabilities Identified

- SQL Injection (Authentication Bypass)
- Cross-Site Scripting (XSS)
- Weak Password Storage
- Error-Based SQL Injection

---

## ๐Ÿงช Testing Performed

The following tests were conducted:

- Manual browser-based testing
- SQL Injection using:
  admin' OR '1'='1
- XSS testing using:
  alert('XSS')
- Database inspection using SQLite Viewer
- Basic penetration testing techniques

---

## ๐Ÿ“ธ Screenshots

### ๐Ÿ”น User Interface (Login Page)
![UI](screenshots/3_ui_login_page.png)

---

### ๐Ÿ”น User Registration Success
![Register](screenshots/2_user_registered_success.png)

---

### ๐Ÿ”น Normal Login
![Login Success](screenshots/4_normal_login_success.png)

---

### ๐Ÿ”น SQL Injection Attack
![SQL Injection](screenshots/7_sql_injection_success.png)

---

### ๐Ÿ”น SQL Error (Error-Based Injection)
![SQL Error](screenshots/5_sql_error.png)

---

## ๐Ÿ› ๏ธ Fixes Implemented

- Parameterized queries to prevent SQL Injection
- Password hashing using werkzeug.security
- Input sanitization using escape()
- Security headers using Flask-Talisman
- Logging system for monitoring events
- Input validation for user data

---

## ๐Ÿงพ Logging

The application logs important events such as:
- User registration
- Login attempts (success and failure)
- Search queries

Logs are stored in:

security.log