
🔐 Secure Coding Demo App (Node.js)

📌 Overview

This project demonstrates the difference between insecure coding practices and secure coding techniques in a web application.

The application contains two versions:

  • Insecure Version – intentionally vulnerable to attacks such as SQL Injection.
  • Secure Version – shows how to properly mitigate these vulnerabilities using secure coding practices.

This project is created for educational and cybersecurity learning purposes only.


📂 Project Structure

secure-coding-demo
│
├── insecure-version/
│   ├── public/
│   ├── views/
│   └── app.js
│
├── secure-version/
│   ├── public/
│   ├── views/
│   └── app.js
│
├── database/
│   ├── insecure.db
│   └── secure.db
│
├── package.json
└── README.md

🚀 Features

  • User Registration
  • User Login System
  • Dashboard Page
  • SQLite Database
  • Insecure Authentication Example
  • Secure Authentication Example
  • SQL Injection Demonstration
  • Parameterized Query Protection

⚠️ Vulnerability Demonstration

SQL Injection (Insecure Version)

The insecure version builds SQL queries using string concatenation, which allows attackers to manipulate the query.

Example vulnerable query:

SELECT * FROM users WHERE username = 'input' AND password = 'input'

Attackers can bypass authentication using payloads like:

' OR '1'='1

This allows login without valid credentials.


🛡 Secure Coding Implementation

The secure version prevents SQL injection using parameterized queries.

Example secure query:

db.get(
  "SELECT * FROM users WHERE username = ? AND password = ?",
  [username, password],
  (err, row) => {
    // row is undefined when no user matched; the bound values never alter the SQL text
  }
)

This ensures user input cannot change the SQL structure.
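Added example (not code from this repository) that makes the structural difference checkable: it builds the login query both ways, masks string literals to get a fingerprint of the SQL text, and compares the fingerprint for benign input against the one for the payload shown above. The function names and the sample inputs are assumptions of this example.

```javascript
// Insecure: input is spliced into the SQL text (mirrors the README's vulnerable query).
function buildInsecureQuery(username, password) {
  return "SELECT * FROM users WHERE username = '" + username +
         "' AND password = '" + password + "'";
}

// Secure: the SQL text is fixed; values travel separately as bind parameters.
function buildSecureQuery(username, password) {
  return {
    sql: "SELECT * FROM users WHERE username = ? AND password = ?",
    params: [username, password],
  };
}

// Accept either a plain SQL string or a { sql, params } pair.
function sqlTextOf(query) {
  return typeof query === "string" ? query : query.sql;
}

// Reduce a query to its structural skeleton: every single-quoted literal
// (including SQLite's '' escape) becomes a placeholder, so only keywords,
// operators and identifiers remain. Structural SQLi detectors use this idea.
function fingerprint(sql) {
  return sql.replace(/'(?:[^']|'')*'/g, "?").replace(/\s+/g, " ").trim().toUpperCase();
}

// True when untrusted input produced a query with a different shape than
// benign input did, i.e. the input changed the SQL structure.
function structureChanged(buildFn, benign, untrusted) {
  return fingerprint(sqlTextOf(buildFn(...benign))) !==
         fingerprint(sqlTextOf(buildFn(...untrusted)));
}

// Constructed sample inputs: a normal login and the README's payload.
const benign = ["alice", "hunter2"];
const attack = ["' OR '1'='1", "anything"];

console.log(fingerprint(buildInsecureQuery(...attack)));
// SELECT * FROM USERS WHERE USERNAME = ? OR ?=? AND PASSWORD = ?
console.log(structureChanged(buildInsecureQuery, benign, attack)); // true
console.log(structureChanged(buildSecureQuery, benign, attack));   // false
```

Binding parameters fixes the injection only; the query above still compares a plaintext password, which a production login would replace with a stored password hash check.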


🧰 Technologies Used

  • Node.js
  • Express.js
  • SQLite
  • HTML
  • CSS
  • JavaScript

⚙️ Installation

Clone the repository:

git clone https://github.com/YOUR_USERNAME/secure-coding-demo.git

Go to the project folder:

cd secure-coding-demo

Install dependencies:

npm install

▶️ Run the Application

Start the server (run this inside the version folder you want to try, insecure-version/ or secure-version/):

node app.js

Open in a browser:

http://localhost:3000

🎯 Learning Objectives

This project helps demonstrate:

  • How insecure coding creates vulnerabilities
  • How attackers exploit SQL Injection
  • The importance of secure coding practices
  • How parameterized queries protect databases

⚠️ Disclaimer

This project is created for educational and ethical security research purposes only.

Do not use these techniques on systems without proper authorization.


👨‍💻 Author

Toms Johnson

Cybersecurity Enthusiast
Future Penetration Tester

About

A demo project showing insecure vs secure coding practices using Node.js. Includes examples of SQL injection vulnerability and its secure mitigation.
