This project was developed as part of the Horizon TechX Cyber Security Internship Program.
The objective of this project is to identify security vulnerabilities in a simple login application, analyze the associated risks, and implement secure coding practices to mitigate those vulnerabilities.
The project contains two versions of a login system:
- Vulnerable Login Application
- Secure Login Application
- Python 3
- getpass Library
HorizonTechX_SecureCodingReview/
├── vulnerable_app.py
├── secure_app.py
├── Security_Review_Report.docx
├── screenshots/
└── README.md
The vulnerable application contains several security weaknesses:
- Hardcoded credentials
- Plain text password storage
- Password visible during input
- Unlimited login attempts
- Lack of security controls
Example:

```python
admin_username = "admin"
admin_password = "admin123"
```

Hardcoded credentials
Risk: Credentials stored directly in source code can be exposed if the code is leaked.
Severity: High

Plain text password storage
Risk: Passwords are stored in readable format and can be viewed by anyone with access to the source code.
Severity: High

Password visible during input
Risk: Passwords can be observed during typing.
Severity: Medium

Unlimited login attempts
Risk: Attackers can perform brute-force attacks without restrictions.
Severity: High
The secure version introduces:
- Hidden password input using getpass
- Login attempt limitation
- Improved program structure
- Better authentication handling
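The controls listed above combined in one script, as an added example that is not the repository's own secure_app.py: the password is kept only as a salted PBKDF2 hash, compared in constant time, the bootstrap password is read from an assumed LOGIN_PASSWORD environment variable instead of the source file, input is hidden with getpass, and the loop stops after MAX_ATTEMPTS failures (the read_user/read_password callables are injectable so the logic can be tested without a terminal).

```python
import getpass
import hashlib
import hmac
import os
import sys

MAX_ATTEMPTS = 3
PBKDF2_ITERATIONS = 200_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256: only this digest is stored, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def make_record(username: str, password: str) -> dict:
    """Build the stored credential record with a fresh random 16-byte salt."""
    salt = os.urandom(16)
    return {"username": username, "salt": salt, "hash": hash_password(password, salt)}


def check_login(record: dict, username: str, password: str) -> bool:
    """Verify both fields with constant-time comparisons.

    The hash is always computed, even for an unknown username, so a wrong user
    and a wrong password take the same time and leak nothing through timing.
    """
    candidate = hash_password(password, record["salt"])
    user_ok = hmac.compare_digest(username.encode(), record["username"].encode())
    hash_ok = hmac.compare_digest(candidate, record["hash"])
    return user_ok and hash_ok


def login_loop(record: dict, read_user, read_password, max_attempts: int = MAX_ATTEMPTS) -> bool:
    """Prompt until success or the attempt budget is spent; returns True only on success."""
    for attempt in range(1, max_attempts + 1):
        if check_login(record, read_user(), read_password()):
            return True
        print(f"Login failed ({attempt}/{max_attempts})")
    print("Too many failed attempts; login disabled for this session.")
    return False


if __name__ == "__main__":
    # Assumption: the bootstrap password is supplied by the environment, not hardcoded.
    bootstrap = os.environ.get("LOGIN_PASSWORD")
    if not bootstrap:
        sys.exit("Set LOGIN_PASSWORD before starting the application.")
    admin = make_record("admin", bootstrap)
    login_loop(admin, lambda: input("Username: "), lambda: getpass.getpass("Password: "))
```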
Example:

```python
import getpass

# getpass hides the characters as they are typed, so the password is not echoed to the screen
password = getpass.getpass("Enter Password: ")
```

Through this project, I learned:
- Secure coding principles
- Common authentication vulnerabilities
- Risk assessment techniques
- Security remediation practices
- Python security improvements
Secure coding practices play a critical role in protecting applications from cyber threats. This project demonstrates how common vulnerabilities can be identified and mitigated through proper security controls and coding standards.
Madhuri
Horizon TechX Cyber Security Internship