/web_security_testing

Repository contains an online education portal filled with web vulnerabilities.

Primary language: PHP. License: Apache License 2.0 (Apache-2.0).

KnowledgeHUB: A vulnerable education portal

This project exists solely for website security testing, with the OWASP Top 10 in mind.
The major web vulnerabilities in this project are:

  1. SQL Injection
  2. Stored XSS
  3. Shell Uploading
  4. Clickjacking
  5. Business Logic
  6. Cross Site Request Forgery (CSRF)

Objective

The project highlights the importance of website security in today's world by emphasizing the major attacks that usually occur across the world. It contains intentional web vulnerabilities, and the methods of securing them are present in the code itself.

Requirements

1) Code Editor

There are many code editors available today. If you use a Mac, I strongly recommend Sublime Text.
For Windows and Linux users, Visual Studio Code is one of the best.

2) Browser

People often use Chrome; however, for web development and security testing, I recommend Firefox.

3) Server Hosting

If you are excellent with NodeJS, you can easily set up a server at localhost. However, a much faster and easier way to do this is to use XAMPP. This project was created using XAMPP.

4) Vulnerability Tester

Since this project revolves around web testing, a vulnerability testing tool is helpful. I recommend Burp Suite for this task.

Extra Requirements

Firefox Browser

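Type 'about:config' in your search bar. After the advanced settings tab opens, go to 'network.proxy.allow_hijacking_localhost'. If it is set to FALSE, double-click it to set it to TRUE. This preference lets Firefox send requests for localhost through the configured proxy, which is needed for Burp Suite to intercept traffic to the local server.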

Database Creation

If you are using XAMPP, follow these steps:

  1. Open the control tab and start Apache and MySQL.
  2. Go to your browser and type in 'localhost'. You will be greeted by the XAMPP Welcome Page.
  3. In the top right corner, you will see 'phpmyadmin'. Go there and create a new database called 'studyportal'.
  4. After creating it, look for the 'Import' option on the dashboard of the database. Click on it and choose the file to be uploaded.
  5. In the ZIP folder of my project, I have included a SQL file named 'studyportal.sql'. Upload this file and your database is ready.
  6. Repeat the same steps for another database named 'hacking' and upload 'hacking.sql'.

Burp Suite Setup

To set up Burp Suite, Click Here. To download the Burp Suite certificate, Click Here. If you are unable to access the webpage, wait for some time and try again later.

License

Apache Version 2.0