This is the repository for a project made as part of a university course.
Theme of project: Security vulnerabilities
URL on Heroku: https://site-with-vulnerabilities.herokuapp.com/
Technologies: Python, Django
implemented vulnerabilities:
Sensitive Data Exposure & Broken Access Control
Instructions (the user interface also includes instructions):
You must register or use the already created account: username santa, password ilovechristmaspresents3
Home page - instructions for running the vulnerability and a secure page
Sensitive Data Exposure page - instructions for simulating this vulnerability
Broken Access Control page - instructions for simulating this vulnerability
Logout option - logout from the registered account
- For local startup, pip must be installed and a virtual environment activated; after that, run:
    pip install -r requirements.txt
    python3 manage.py migrate
    python3 manage.py runserver
-> app available at http://127.0.0.1:8000
Note: zad is the vulnerable site, zad-fix is the secure site.