The following tasks were performed as part of an assignment for "Application Security" course at New York University
Auditing and test cases (Part 1)
- Perform one attack that exploits a
Cross-site scripting (XSS)vulnerability - Perform one attack that exploits a
Cross-site request forgery (CSRF)vulnerability - Perform one attack that exploits an
SQL injectionvulnerability - Break a salted password using a dictionary and retrive the original password
- Fix the vulnerabilities
- Use
Travis CIto perform regression tests - Write a bugs.txt explaining the bug code, payload used to exploit it and the fix.
Database encryption (Part 2)
- Encrypt database models
- Safe key management
- A write up explaining the process