Skip to content
This repository has been archived by the owner on Aug 25, 2023. It is now read-only.

Latest commit

 

History

History
58 lines (45 loc) · 4.5 KB

README.md

File metadata and controls

58 lines (45 loc) · 4.5 KB

gif

[ Solution to the Task 1: GPN_Task-1.pdf ]
[ Solution to the Task 2: GPN_Task-2.pdf ]
[ Solution to the Task 3: GPN_Task-3_Rules ]

Brief overviews:   Task 1 | Task 2 | Task 3


My solution to the tasks given within the Gazprom Neft Hackathon of the year 2023.

🔍 Overview: Task 1

Problem

The task was to review code stored within the provided files (*each file represents an independent web application) and to create a report regarding vulnerabilities found during the analysis.

Results

Case № Technologies Findings
1 Python, Flask [Relative Path Traversal] [CWE-23]
2 JS, PHP [Cross-Site Scripting] [CWE-159]
3 JS [Cross-Site Scripting] [CWE-159] [CWE-360]
4 Go [Broken Authentication] [CWE-287]
5 C [Buffer Overflow] [CWE-120]
6 NodeJS [CORS Misconfiguration] [CWE-942]
7 PHP [Absolute Path Traversal] [CWE-36] [Server-Side Request Forgery] [CWE-918]
8 JS [OpenRedirect] [CWE-601] [Cross-Site Scripting] [CWE-83]
9 Python, Flask [Server-Side Template Injection] [Command Injection] [CWE-1336]

💻 Overview: Task 2

Problem

The task was to examine the provided web application and to create a report regarding vulnerabilities found during the analysis.

Results

I have separately conducted both White-box and Black-box testing of the provided web application to evaluate security from the point of view of both the developer and the potential attacker.

Method of software testing Findings
White-box [Weak credentials] [CWE-1391]
White-box [Hard-coded plaintext credentials] [CWE-798]
White-box [Hard-coded plaintext secret key] [CWE-321]
Black-box, White-box [Debug mode on] [CWE-489]
Black-box, White-box [SQL Injection] [CWE-89] [CVE-2022-34265]

⌨️ Overview: Task 3

Problem

The task was to write Semgrep rules that would find bugs that lead to the vulnerabilities listed above in the overview of the Task 1 and the overview of the Task 2.

Results