The "Secure Program" Project

Previous Next

Mission statement:

It was made with the goal of showing people the vulnerabilities that websites and many applications can encounter if you don't program with security in mind. This was a project I did during my internship over at First American working in the Enterprise Application Security Team.

What I learned:

This program was made using ASP.NET Core 2.2. This was my first time using ASP.NET and messing around with web applications using C# and it was a really great experience. I was able to learn about security practices while also learning a new framework. It was very friendly to use, especially when it was my first time doing web development. I also learned about how to plan out an application with a scope like this. I haven't done this big of a project all by myself before. This took around 2 months to complete.

Vulnerabilities Showcased:

• SQL Injection
• XSS
• CSRF
• CRLF
• Design Flaws

How to Protect against these vulnerabilities!

• SQL Injection - Parameterize your queries or use stored procedures!
• XSS - Use the header X-XSS-Protection: 1; mode=block for your HTTP Responses and Encode any output to the web application
• CSRF - Use Bearer tokens or AntiForgery Tokens to make sure that requests are coming from legitimate sources
• CRLF - Make sure to remove and clean input to a logging system of any CRLF characters to avoid log attacks