A secure web application built with Python and Flask, developed as a course programming project demonstrating OWASP Top 10 secure programming principles.

- User registration and login with hashed passwords
- Post messages and comment on posts
- Full CSRF protection on every form
- XSS prevention via template escaping
- SQL injection prevention via SQLAlchemy ORM
- Security headers via Flask-Talisman
| ID | Issue | Solution |
|---|---|---|
| A01 | Broken access control | @login_required on all routes |
| A02 | Cryptographic failures | Werkzeug scrypt password hashing |
| A03 | Injection | SQLAlchemy ORM + Jinja2 escaping |
| A05 | Security misconfiguration | Flask-Talisman security headers |
| A07 | Auth failures | Flask-Login session management + CSRF |
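
The A02 row relies on Werkzeug's scrypt password hashing. The following standard-library example is added here and is not the project's own code or Werkzeug's: it shows how such a scheme works, with a random per-user salt, the cost parameters stored next to the digest, and a constant-time comparison on verification. The `scrypt:N:r:p$salt$hash` layout and the N=32768, r=8, p=1 defaults are assumed to mirror what Werkzeug produces; check `werkzeug.security` before relying on them.

```python
import hashlib
import hmac
import secrets

# scrypt cost parameters: N (CPU/memory cost), r (block size), p (parallelism).
# Assumed to mirror the Werkzeug 3 defaults for the "scrypt" method.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 15, 8, 1


def _scrypt_hex(password: str, salt: str, n: int, r: int, p: int) -> str:
    # maxmem must exceed 128*r*N bytes or OpenSSL rejects the call.
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt.encode("utf-8"),
                            n=n, r=r, p=p, maxmem=132 * n * r * p)
    return digest.hex()


def hash_password(password: str, salt=None) -> str:
    """Return a self-describing hash string: scrypt:N:r:p$salt$hex_digest."""
    if salt is None:
        salt = secrets.token_hex(8)  # 16 hex chars, fresh for every password
    digest_hex = _scrypt_hex(password, salt, SCRYPT_N, SCRYPT_R, SCRYPT_P)
    return f"scrypt:{SCRYPT_N}:{SCRYPT_R}:{SCRYPT_P}${salt}${digest_hex}"


def check_password(stored: str, password: str) -> bool:
    """Recompute the digest using the parameters and salt stored with it."""
    parts = stored.split("$")
    if len(parts) != 3:
        return False  # malformed record
    method, salt, digest_hex = parts
    fields = method.split(":")
    if fields[0] != "scrypt" or len(fields) != 4:
        return False  # unknown or legacy hashing method
    n, r, p = (int(x) for x in fields[1:])
    candidate = _scrypt_hex(password, salt, n, r, p)
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(candidate, digest_hex)


def needs_rehash(stored: str) -> bool:
    """True if the record uses weaker parameters than the current policy."""
    fields = stored.split("$", 1)[0].split(":")
    if fields[0] != "scrypt" or len(fields) != 4:
        return True
    n, r, p = (int(x) for x in fields[1:])
    return n < SCRYPT_N or r < SCRYPT_R or p < SCRYPT_P
```

Because the parameters travel with the record, `needs_rehash` lets the login handler transparently upgrade old hashes after a successful password check.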
```bash
# 1. Create and activate virtual environment
python3 -m venv venv
source venv/bin/activate
# 2. Install dependencies
pip install -r requirements.txt
# 3. Run the app
python run.py
```

Then open http://127.0.0.1:5000 in your browser.

```bash
pytest tests/ -v
```

- Snyk — dependency vulnerability scanning
- SonarQube — static code analysis
- Jenkins — CI pipeline automation
- Ubuntu 22.04 LTS (VirtualBox)
- Python 3
- Flask 3.0.3