This repository contains two assignments for analyzing and improving the security of InShare, a note-writing and note-sharing web application. InShare allows users to create, edit, and share notes, and to manage access permissions for different users.
In the first of these, Assignment 2, we analyzed the security vulnerabilities present in InShare, such as SQL Injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF). We identified and demonstrated exploits for these vulnerabilities and assessed their impact on the system's security. We also created a threat model to document the security requirements and potential threats.
In the follow-up assignment, we improved the security of InShare by addressing the vulnerabilities discovered in Assignment 2. We implemented mitigations for SQL Injection, XSS, and CSRF, improved the authentication system with better password storage, and updated the access control model to Role-Based Access Control (RBAC). We also improved the logging mechanisms to monitor critical security events.
The assignments aimed to enhance the security of the application and demonstrate best practices for secure software development.