The project is based on the concept of an online store. It has two versions: one presents several critical security vulnerabilities, the other is the same system with the vulnerabilities fixed.

It is built using Bootstrap 5, CherryPy, Javascript and SQLite3

Mandatory

• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Choosen

• CWE-20: Improper Input Validation
• CWE-319: Cleartext Transmission of Sensitive Information

David Araújo - 93444

Ana Filipe - 93350

Leandro Rito - 92975

Mariana Gomes - 73211