A full-stack web application built security-first with OWASP Top 10 compliance from the ground up. Demonstrates what secure development looks like in practice.
Security features:
- Secure authentication (bcrypt, session management, MFA-ready)
- Input validation & output encoding (prevent XSS)
- Parameterised queries (prevent SQLi)
- CSRF protection
- Secure headers (CSP, HSTS, X-Frame-Options)
- Access control (role-based)
- Error handling without information leakage
- Dependency auditing

Tech stack:
- Frontend: HTML / CSS / JavaScript
- Backend: Python (Flask)
- Database: SQLite / PostgreSQL
- Auth: Flask-Login, bcrypt
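As an added example that is not part of this project's code: a standard-library-only sketch of several of the controls listed above, showing a parameterised query next to the string-formatting anti-pattern, output encoding, CSRF token handling, salted password hashing, secure response headers and an error response that keeps detail out of the client body. It assumes nothing about the project's layout; `sqlite3`, `hashlib.scrypt`, `html.escape`, `secrets` and `hmac` stand in for Flask, bcrypt and a CSRF extension, and the table rows, the `SCRYPT_PARAMS` work factor and the header values are constructed here rather than taken from the project.

```python
"""Added example (not project code): stdlib-only sketches of the controls
listed above. sqlite3, hashlib.scrypt, html.escape, secrets and hmac stand in
for the Flask, bcrypt and CSRF-extension code the real app would use."""
import hashlib
import hmac
import html
import secrets
import sqlite3

SCRYPT_PARAMS = dict(n=2**14, r=8, p=1)  # assumed work factor for the stand-in hash


# --- Injection: parameterised query vs. string formatting -------------------
def setup_db() -> sqlite3.Connection:
    """In-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])  # constructed data
    return conn


def find_user_unsafe(conn: sqlite3.Connection, username: str) -> list:
    """The anti-pattern: user input is spliced into the SQL text."""
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """The fix: the input is bound as a value, so it cannot alter the query."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


# --- Output encoding: escape untrusted data before it lands in markup --------
def render_greeting(name: str) -> str:
    return f"<p>Hello, {html.escape(name, quote=True)}</p>"


# --- CSRF: per-session random token, compared in constant time ---------------
def issue_csrf_token(session: dict) -> str:
    session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def verify_csrf_token(session: dict, submitted) -> bool:
    expected = session.get("csrf_token")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


# --- Password storage: salted, slow hash (scrypt stands in for bcrypt) -------
def hash_password(password: str) -> str:
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    _, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex), **SCRYPT_PARAMS)
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


# --- Secure headers: merged into every response (constructed values) ---------
SECURE_HEADERS = {
    "Content-Security-Policy": "default-src 'self'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
}


def with_secure_headers(response_headers: dict) -> dict:
    """Return the response headers with the security headers merged in."""
    return {**response_headers, **SECURE_HEADERS}


# --- Error handling: generic message to the client, detail only in the log ---
def error_response(exc: Exception) -> tuple:
    ref = secrets.token_hex(4)
    client_body = {"error": "Something went wrong", "ref": ref}
    log_line = f"ref={ref} type={type(exc).__name__} detail={exc}"  # stays server-side
    return client_body, log_line


if __name__ == "__main__":
    db = setup_db()
    probe = "' OR '1'='1"
    print("unsafe:", find_user_unsafe(db, probe))  # both rows come back
    print("safe:  ", find_user_safe(db, probe))    # no such user, empty list
    print(render_greeting("<script>alert(1)</script>"))
```

In a Flask app the header merge belongs in an `after_request` hook, the CSRF check runs on every state-changing request before the handler, and the log line goes to the app logger so that the `ref` value is the only thing the client and the server-side record share.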

OWASP Top 10 coverage:

| # | Risk | Status |
|---|---|---|
| A01 | Broken Access Control | Planned |
| A02 | Cryptographic Failures | Planned |
| A03 | Injection | Planned |
| A04 | Insecure Design | Planned |
| A05 | Security Misconfiguration | Planned |
| A06 | Vulnerable Components | Planned |
| A07 | Auth Failures | Planned |
| A08 | Integrity Failures | Planned |
| A09 | Logging & Monitoring | Planned |
| A10 | SSRF | Planned |

In development — initial commit coming soon.

Part of the B-star51 security portfolio.