Demo of an insecure password manager for a Software Engineering lecture e-portfolio.
The aim of the e-portfolio was to familiarize myself with the OWASP ZAP tool and to introduce the software engineering course to the topic of web app security. To show how OWASP ZAP works, I created a small demo app containing vulnerabilities for the ZAP scan to find. The presentation slides can be found in this repository as well. The demo app includes the following vulnerabilities:
- SQL Injections
- CORS misconfiguration
- CSRF token misconfiguration
ZAP also found a few more.