Departamento de Electrónica, Telecomunicações e Informática - Universidade de Aveiro
This web app represents an administration area (user-friendly back-office) of a news blog, where administrators can manage the news posted on the blog.
To set up the app, first make sure to have Docker running on your machine. [How to here]

Then, run the following commands in the CLI:

```shell
$ sudo chmod +x run.sh
$ ./run.sh
```

or

```shell
$ sudo chmod -R a+rwx ${PWD}/app
$ sudo chmod -R a+rwx ${PWD}/app_sec
$ sudo docker build -t webapp .
$ sudo docker run -dti --name app -p 80:80 webapp
```

The web server will then be running on localhost:80.
| CWE | Name |
|---|---|
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
| CWE-256 & CWE-311 | Plaintext Storage of a Password & Missing Encryption of Sensitive Data |
| CWE-306 | Missing Authentication for Critical Function |
| CWE-425 & CWE-288 | Direct Request ('Forced Browsing') & Authentication Bypass Using an Alternate Path or Channel |
| CWE-434 & CWE-20 | Unrestricted Upload of File with Dangerous Type & Improper Input Validation |
| CWE-472 | External Control of Assumed-Immutable Web Parameter |
| CWE-521 | Weak Password Requirements |
| CWE-532 | Insertion of Sensitive Information into Log File |
| CWE-549 | Missing Password Field Masking |
| CWE-552 | Files or Directories Accessible to External Parties |
| CWE-799 & CWE-307 | Improper Control of Interaction Frequency & Improper Restriction of Excessive Authentication Attempts |
| CWE-862 & CWE-522 | Missing Authorization & Insufficiently Protected Credentials |
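As an added illustration of the first two weaknesses in the table (this is not code from the project, whose implementation language is not stated here), the snippet below shows a news search and a title renderer in the unsafe form and in the form the hardened `app_sec` variant would need: a parameterized query for CWE-89 and output escaping for CWE-79. The `news` table schema and its sample rows are constructed for the example.

```python
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the blog's news table (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT, published INTEGER)"
    )
    conn.executemany(
        "INSERT INTO news (title, body, published) VALUES (?, ?, ?)",
        [
            ("Campus opens new lab", "Details inside.", 1),
            ("O'Neil wins award", "Ceremony on Friday.", 1),
            ("Draft: budget figures", "Not yet approved.", 0),
        ],
    )
    return conn


def search_news_vulnerable(conn: sqlite3.Connection, term: str) -> list[str]:
    # CWE-89: the search term is spliced into the SQL text, so any quote in it
    # changes the statement itself instead of being matched as data.
    sql = f"SELECT title FROM news WHERE published = 1 AND title LIKE '%{term}%'"
    return [row[0] for row in conn.execute(sql)]


def search_news_safe(conn: sqlite3.Connection, term: str) -> list[str]:
    # CWE-89 fix: bind the term as a parameter; the driver never parses it as SQL,
    # so quotes and comment markers in the term are just characters to match.
    sql = "SELECT title FROM news WHERE published = 1 AND title LIKE ?"
    return [row[0] for row in conn.execute(sql, (f"%{term}%",))]


def vulnerable_search_fails_on_quote(conn: sqlite3.Connection, term: str) -> bool:
    """True if the string-built query breaks on the term (the symptom that
    reveals the injection point even with an ordinary, legitimate input)."""
    try:
        search_news_vulnerable(conn, term)
    except sqlite3.Error:
        return True
    return False


def render_title_vulnerable(title: str) -> str:
    # CWE-79: raw interpolation into HTML lets a stored title carry markup.
    return f"<h2>{title}</h2>"


def render_title_safe(title: str) -> str:
    # CWE-79 fix: escape at output time so the browser renders the title as text.
    return f"<h2>{html.escape(title, quote=True)}</h2>"


if __name__ == "__main__":
    db = make_db()
    print(search_news_safe(db, "O'Neil"))            # the apostrophe is matched as data
    print(vulnerable_search_fails_on_quote(db, "O'Neil"))
    print(render_title_safe("<b>Hello</b>"))
```

The apostrophe in a perfectly legitimate search term is enough to break the string-built query, which is the same seam an attacker would use; the parameterized version returns the matching row. Escaping happens at the HTML boundary, not on input, so the stored title stays intact for other consumers.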
| NMec | Name | Email |
|---|---|---|
| 88755 | Carlos Rafael de Jesus Palma Costa | carlospalmacosta@ua.pt |
| 88930 | João Tomás Borges Simões | jtsimoes@ua.pt |
| 88964 | Afonso Domingos Cardoso | afonsocardoso@ua.pt |
| 90327 | Diogo Costa Correia | diogo.correia99@ua.pt |