Departamento de Electrónica, Telecomunicações e Informática - Universidade de Aveiro
This web app represents an administration area (user-friendly back-office) of a news blog, where administrators can manage the news posted on the blog.
To set up the app, first make sure Docker is running on your machine. [How to here]
Then, run the following commands in the CLI:

```shell
$ sudo chmod +x run.sh
$ ./run.sh
```

or

```shell
$ sudo chmod -R a+rwx ${PWD}/app
$ sudo chmod -R a+rwx ${PWD}/app_sec
$ sudo docker build -t webapp .
$ sudo docker run -dti --name app -p 80:80 webapp
```

The web server will then be reachable at http://localhost:80.

Note that the `chmod -R a+rwx` lines make the `app` and `app_sec` directories world-readable and world-writable. That is acceptable for this local lab setup, but it is not a permission model to reuse outside of it.
CWE | Name |
---|---|
CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
CWE-256 | Plaintext Storage of a Password |
CWE-311 | Missing Encryption of Sensitive Data |
CWE-306 | Missing Authentication for Critical Function |
CWE-425 | Direct Request ('Forced Browsing') |
CWE-288 | Authentication Bypass Using an Alternate Path or Channel |
CWE-434 | Unrestricted Upload of File with Dangerous Type |
CWE-20 | Improper Input Validation |
CWE-472 | External Control of Assumed-Immutable Web Parameter |
CWE-521 | Weak Password Requirements |
CWE-532 | Insertion of Sensitive Information into Log File |
CWE-549 | Missing Password Field Masking |
CWE-552 | Files or Directories Accessible to External Parties |
CWE-799 | Improper Control of Interaction Frequency |
CWE-307 | Improper Restriction of Excessive Authentication Attempts |
CWE-862 | Missing Authorization |
CWE-522 | Insufficiently Protected Credentials |
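The two entries at the top of the table, CWE-89 and CWE-79, are the ones most worth seeing side by side in code. The following is an added illustration written for this README, not code from the project's `app` or `app_sec` directories (whose language is not stated here); it assumes Python with the standard-library `sqlite3` and `html` modules, and the `admins` table, its columns and the one constructed account are made up for the demo.

```python
"""Added illustration of CWE-89 (SQL injection) and CWE-79 (XSS).

Not the project's code. Uses an in-memory SQLite table with constructed
sample data so that it runs offline; the table and column names are
assumptions made for this demo.
"""
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a single admin account.

    The password is stored in plaintext here only to keep the demo short;
    that is itself CWE-256 and is not the point of this example.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    conn.execute("INSERT INTO admins VALUES ('admin', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """CWE-89: user input is concatenated straight into the SQL string.

    A password of  ' OR '1'='1  turns the WHERE clause into a tautology,
    so the query matches and the check passes without the real password.
    """
    query = (
        "SELECT COUNT(*) FROM admins WHERE username = '"
        + username + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Fix: bind parameters; the driver never interprets input as SQL."""
    query = "SELECT COUNT(*) FROM admins WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def render_post_vulnerable(title: str) -> str:
    """CWE-79: untrusted text is inserted into the HTML page unescaped."""
    return "<h1>" + title + "</h1>"


def render_post_safe(title: str) -> str:
    """Fix: escape HTML metacharacters (including quotes) before insertion."""
    return "<h1>" + html.escape(title, quote=True) + "</h1>"


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("vulnerable login with injection:", login_vulnerable(db, "admin", payload))
    print("parameterised login with injection:", login_safe(db, "admin", payload))
    xss = "<script>alert(1)</script>"
    print(render_post_vulnerable(xss))
    print(render_post_safe(xss))
```

The same two defences, parameterised queries and context-aware output escaping, are what the hardened `app_sec` version is expected to apply wherever the back-office reads request data into a query or writes it into a page.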
NMec | Name | Email |
---|---|---|
88755 | Carlos Rafael de Jesus Palma Costa | carlospalmacosta@ua.pt |
88930 | João Tomás Borges Simões | jtsimoes@ua.pt |
88964 | Afonso Domingos Cardoso | afonsocardoso@ua.pt |
90327 | Diogo Costa Correia | diogo.correia99@ua.pt |