Skip to content

Shreda/ISWA-Python

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
.vscode
.vscode
 
 
iswa
iswa
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 
init.sql
init.sql
 
 

Repository files navigation

ISWA-Python

A Python port of the Invest Secure Web Application (ISWA). ISWA is an intentionally vulnerable web application used for demontration and teaching purposes.

Recommended Tools

Dependencies

  • Works on Linux and MacOS
  • Never tested on Windows
  • Requires Docker and Docker Compose
    • Refer to the docker website for installation on your OS

Installation

git clone https://github.com/Shreda/ISWA-Python.git
cd ISWA-Python
docker-compose up

Usage

  • Once the project comes up you can view the web application on http://localhost:5000
  • For code review, all the applications API endpoints are defined in iswa/app.py

Vulnerabilities

Authentication - Username Enumeration

Authentication - Weak Password Policy

Authentication - Lack of Brute Force Protections

Authentication - Lack of MFA

Authentication - Allowing Known Weak Passwords

Authentication - Use of Weak Password Hashing Algorithms

Injection - Command Injection

Injection - SQL Injection

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages