Coalson, Lindsay, Miller, Sullivan
Oregon State University
Capstone 2024-2025
This project consists of two main parts:
This documentation is intended as a guide to the web application and as a presentation and discussion of web security. It is divided into several sections, each of which corresponds to a different aspect of web security. Each section contains a description of the vulnerability, a walkthrough of how to exploit that vulnerability on our application, and common methods of mitigation.
The initial assignment was to develop a web application, iteratively implementing security features as we developed and tracking these improvements. We decided to enhance this approach by providing an interactive experience that allows users to explore common vulnerabilities and create mock attacks on the application. We have utilized a modern front-end framework that allows for this type of dynamic interaction, while still using common technologies like a RESTful API and a relational database. This project is a culmination of our learning experience in web security, and we hope that it will be a useful tool for others to learn and practice web security.
At this point, the application must be run in a virtual environment. See the Setup Guide for full instructions.
After setting up, the application should be accessible at http://localhost:5173/ and the API should be accessible at http://localhost:5000/.
Go to the Exploration Guide to learn how to use (and hack) the application.