
fportantier / Vulpy

Licence: mit
Vulnerable Python Application To Learn Secure Development



Vulpy - Web Application Security Lab

Vulpy is a web application developed in Python / Flask / SQLite that has two faces.

GOOD: Tries to code with secure development best practices in mind.

BAD: Tries to code like (possibly) you. :p

It is developed as a laboratory for the following courses:

  • Secure Development, Securetia (https://www.securetia.com/cursos.html)
  • Secure Development, EducaciónIT (https://www.educacionit.com/curso-de-desarrollo-seguro)

But you can use it as you want (MIT License).

OWASP Application Security Verification Standard

The "GOOD" version (not finished yet) will comply with the OWASP ASVS:

https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project

This will allow you to learn how to develop Python code following security best practices.

Installation

::

    git clone https://github.com/fportantier/vulpy
    cd vulpy
    pip3 install --user -r requirements.txt

Features

  • Login/Logout
  • Read posts from other users
  • Publish posts
  • Multi-Factor Authentication (MFA)
  • API for read and write posts
  • Content Security Policy
  • SSL/TLS Server

Vulnerabilities

Some of the vulnerabilities present on the "BAD" version:

  • Cross-Site Scripting (XSS)
  • SQL Injection
  • Cross Site Request Forgery (CSRF)
  • Session Impersonation
  • Insecure Deserialization
  • Authentication Bruteforce
  • Authentication Bypass

Note: The "GOOD" version (not finished yet) is supposed not to have vulnerabilities, but I'm a human being, so...

Database Initialization

Both the "BAD" and "GOOD" versions require an initialization of the database.

This is done with the script "db_init.py" inside each of the directories (bad, and good).

Each version has its own SQLite files for the users and the posts.

The execution of the script is, for example:

::

    cd bad
    ./db_init.py

Default Credentials

After database initialization, three users are created:

::

    Username   Password
    ---------  -----------
    admin      SuperSecret
    elliot     123123123
    tim        12345678

You can log in as any user; the application doesn't have a permissions system, so all three have the same permissions.
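As an added example (not code from the Vulpy project itself), here is the login check against the users table written in the two styles the README contrasts: the "BAD" form splices the username and password into the SQL text and compares a cleartext password, the "GOOD" form binds parameters and compares a salted PBKDF2 hash in constant time. The in-memory SQLite table, its column layout and the helper names (init_db, login_bad, login_good, demo) are assumptions made for this example; the three default users are the ones listed above.

```python
"""Added example (not Vulpy's own code): one login check, BAD and GOOD style.

Assumptions: an in-memory SQLite database stands in for the per-version
SQLite files that db_init.py creates; the table layout below is invented
for the demo. The default users come from the README.
"""
import hashlib
import hmac
import os
import sqlite3

# Constructed sample data: the README's default credentials.
DEFAULT_USERS = [("admin", "SuperSecret"), ("elliot", "123123123"), ("tim", "12345678")]


def hash_password(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 with a per-user salt (iteration count chosen for the demo)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def init_db() -> sqlite3.Connection:
    """Create and populate a users table the way a db_init.py script would.

    For the sake of the comparison the same row carries both a cleartext
    'password' column (what the BAD check uses) and 'salt'/'pw_hash'
    columns (what the GOOD check uses).
    """
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users ("
        "username TEXT PRIMARY KEY, password TEXT, salt BLOB, pw_hash BLOB)"
    )
    for username, password in DEFAULT_USERS:
        salt = os.urandom(16)
        db.execute(
            "INSERT INTO users VALUES (?, ?, ?, ?)",
            (username, password, salt, hash_password(password, salt)),
        )
    db.commit()
    return db


def login_bad(db: sqlite3.Connection, username: str, password: str) -> bool:
    """BAD: user input becomes part of the SQL statement.

    A quote character in either field changes the structure of the query
    instead of being compared as a value, which is the SQL injection the
    README lists. The password is also stored and compared in clear.
    """
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return db.execute(query).fetchone() is not None


def login_good(db: sqlite3.Connection, username: str, password: str) -> bool:
    """GOOD: bound parameters keep input as data; the hash check is done in Python.

    hmac.compare_digest avoids leaking how many leading bytes of the hash
    matched through timing differences.
    """
    row = db.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    salt, pw_hash = row
    return hmac.compare_digest(hash_password(password, salt), pw_hash)


def demo() -> dict:
    """Run both checks on the same inputs and report where they diverge."""
    db = init_db()
    # A legitimate username containing an apostrophe breaks the BAD query
    # (syntax error); the GOOD query simply finds no such user.
    try:
        login_bad(db, "o'brien", "irrelevant")
        bad_breaks_on_quote = False
    except sqlite3.OperationalError:
        bad_breaks_on_quote = True
    return {
        "good_accepts_valid": login_good(db, "admin", "SuperSecret"),
        "good_rejects_wrong": not login_good(db, "admin", "wrong"),
        "bad_accepts_valid": login_bad(db, "elliot", "123123123"),
        "bad_breaks_on_quote": bad_breaks_on_quote,
        "good_handles_quote": login_good(db, "o'brien", "irrelevant") is False,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The point the two functions make is that the fix for SQL injection is not input filtering but keeping the statement fixed and passing every user-supplied value through the driver's placeholders; the salted hash and constant-time comparison are the separate improvements the "GOOD" version needs for password storage.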
