The project is based on the concept of an online store. It has two versions: one presents several critical security vulnerabilities, the other is the same system with the vulnerabilities fixed.
It is built using Bootstrap 5, CherryPy, Javascript and SQLite3
Mandatory
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Choosen
David Araújo - 93444
Ana Filipe - 93350
Leandro Rito - 92975
Mariana Gomes - 73211