This repository contains a comprehensive Secure Code Review Report created as part of my internship at CodeAlpha. The task was to assess and document the security posture of a web application through manual code analysis, aligned with industry-recognized standards such as OWASP, CWE, and NIST.
As part of the CodeAlpha internship, I was assigned to:
- Select a programming language and application to audit.
- Perform a code review to identify security vulnerabilities.
- Use tools like static analyzers or manual inspection methods.
- Provide recommendations and best practices for secure coding.
- Document findings and suggest remediation steps for safer code.
| Section | Description |
|---|---|
| Assessment Methodology | Approach used for reviewing code, based on OWASP & secure coding guidelines |
| Identified Vulnerabilities | Each issue includes a title, CVSS/CWE classification, description, impact, and suggested fix |
| Proofs of Concept (PoCs) | Test cases and payloads used to validate the vulnerabilities |
| Remediation Guidance | Actionable fixes to mitigate risks in the codebase |
| References | OWASP, CWE, NIST links and best practice documentation |
- Cross-Site Scripting (XSS) due to use of vulnerable Bootstrap version (CVE-2024-6531)
- Cross-Site Request Forgery (CSRF) on multiple state-changing endpoints
- NoSQL Injection via unsanitized form data
- Brute Force Login Vulnerability due to lack of rate limiting and lockout mechanisms
- Weak Password Policy lacking complexity enforcement
- Manual code review of frontend and backend logic
- Analysis based on:
Name: Satvik Hatulkar
Email: satwikhatulkar@gmail.com
LinkedIn: linkedin.com/in/satvikhatulkar
GitHub: github.com/satvikhatulkar