In the first course project, your task is to create a web application that has at least five different flaws from the OWASP top ten list (https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf). Starter code for the project is provided on Github at https://github.com/cybersecuritybase/cybersecuritybase-project.
You will then write a brief (1000 words) report that outlines how the flaws can be first identified and then fixed. Your report has to be within 20% of this limit, otherwise our merciless automated robots will fail your submission. For the identification process, we suggest that you use tools that have been used in the course, such as Owasp ZAP. Once these two tasks have been completed, you will review five projects from other course participants.
You may do the project without using the starter template (in a language of your own choosing). In that case, however, you must also provide guidelines for installing and running the web application on Windows, Linux and Mac (including guidelines for installing any possible required dependencies). If you are given a project for review that has not been constructed using the starter code (in a language that you do not know), you may request another project for review (this can be done by reloading this page).
A discussion channel has been set up for the project. The channel is the Matrix room
#cybersecuritybase:matrix.org. We recommend that you join the room with the following link: https://riot.im/app/#/room/#cybersecuritybase:matrix.org. If you wish to use another program for participating the discussions, visit https://matrix.org/docs/projects/try-matrix-now.html.
If you hate modern technology, the channel is also bridged to
#cybersecuritybase on Freenode. Use at your own risk.