Project Name: Travel Management System

SSD Group Assignment

Secure Software Development (SE4030) | 4th year 1st semester | SLIIT

GitHub link to the original project:

Backend- https://github.com/Kavinduweb/Travel-management-system

Frontend- https://github.com/Kavinduweb/Travel-management-Frontend

GitHub link to the Modified project:

Link- https://github.com/malindu-MD/ssd_assignment_SE4030

Link to the YouTube video:

Identified Vulnerabilities:

  • Security Misconfiguration (Clickjacking)
  • Broken Authentication & Exposure of Sensitive User Information
  • Weak Cross-Origin Resource Sharing (CORS) Configurations
  • Stored XSS Vulnerability
  • File Upload Vulnerability
  • Lack of Request Size Limit function
  • Missing Content Security Policy (CSP) Header
  • Insecure Direct Object References (IDOR)
  • Lack of Rate Limit Function
  • Weak Password Policies
  • Authentication Vulnerability
  • Inadequate Logging mechanism

Security-related open-source testing tools to identify potential vulnerabilities:

  • Snyk
  • ZAP Tool

Contributors:

  • Ranaweera A.P. - IT21182396 (Group Leader)
  • Senanayake W.G.B. - IT21158322
  • Sooriyaarachchi M.D.A - IT21173790
  • Kumarathunga S.A.D.S - IT21118340