Skip to content

J-Lucien/spring-security-basic-auth

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

45 Commits
.mvn/wrapper
.mvn/wrapper
 
 
src
src
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
mvnw
mvnw
 
 
mvnw.cmd
mvnw.cmd
 
 
pom.xml
pom.xml
 
 

Repository files navigation

Spring Boot Application with Enhanced Security Features

This application is an implementation of Spring Security Basic, designed to integrate my cybersecurity expertise into development. It incorporates essential mechanisms to enhance application security, including robust protection against brute force attacks, which is vital for preventing unauthorized access.

Features

  1. Spring Security Basic Authentication
  • Protects the application endpoints with basic authentication.
  1. IP-Based Rate Limiting
  • Prevents attackers from making a large number of attempts in a short period.
  1. CAPTCHA Verification
  • implement CAPTCHA after multiple failed login attempts to block automated attacks
  • Blocks access for 30 seconds after exceeding failed attempts
  • Requires CAPTCHA verification for subsequent login attempts
  1. Brute Force Mitigation
  • While these measures do not guarantee the complete elimination of threats, they make the attack process sufficiently tedious to discourage attackers.
  1. Multi-Factor Authentication (MFA) (In Progress)
  • Adds an additional layer of security to verify user identity.
  1. User Access Pages

  • Login Page: Authenticates users.

  • Home Page: Main page accessible after successful login.

  • Test Page: A sample page to verify access restrictions.

  • Blocked Page: Displays a message for blocked users or failed authentication attempts.

  • Error page: A fallback page displayed when a user tries to access a non-existent resource.

Technologies Used

  • Java 21 (OpenJDK)

  • Spring Boot

  • Spring Security

  • Maven

🧪 Tests

  • Manual tests performed using:
    • Burp Suite
    • Intruder Attack Simulation: Conducted to test the resilience of the application against brute force attacks. Results showed effective mitigation of unauthorized access attempts. The following areas were specifically tested:
      • IP-Based Rate Limiting: The application blocked access after a certain number of failed attempts.
      • CAPTCHA Verification: The application required CAPTCHA verification after multiple failed login attempts.
      • Timing Attack Mitigation: The application did not reveal whether the username or password was incorrect, preventing attackers from using timing attacks to determine the validity of their guesses.

Getting Started

Prerequisites

Ensure you have the following installed:

  • Java 21

  • Maven

  • A compatible IDE (e.g., IntelliJ IDEA, Eclipse)

Installation

  1. Clone the repository:
git clone https://github.com/J-Lucien/spring-security-basic-auth.git
  1. Build the project using Maven:
mvn clean install
  1. Run the application:
mvn spring-boot:run
  1. Access the application at http://localhost:8081.

Notes on Security Implementation

  • This project includes custom implementations, such as timing attack mitigations, even though Spring Security provides built-in protections. These additions serve as a demonstration of my understanding of secure coding practices and my ambition to create resilient applications.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages