WARNING: This application contains intentional security vulnerabilities!
This is a deliberately vulnerable Flask application that demonstrates the OWASP Top 10 web application security risks. It is intended for educational purposes only, to help developers understand common security vulnerabilities and how to prevent them.
- Broken Access Control - Missing authentication checks, insecure direct object references
- Cryptographic Failures - Storing passwords in plaintext, weak encryption
- Injection - SQL injection, command injection
- Insecure Design - Weak password reset functionality
- Security Misconfiguration - Debug information exposure
- Vulnerable and Outdated Components - Using outdated libraries
- Identification and Authentication Failures - Weak password policies, no account lockout
- Software and Data Integrity Failures - Insecure deserialization
- Security Logging and Monitoring Failures - Insufficient logging
- Server-Side Request Forgery (SSRF) - Unvalidated URL fetching
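The following is an added, stand-alone example (not code from this repository) showing two of the categories listed above side by side: a login query built by string formatting (Injection) against a table that stores plaintext passwords (Cryptographic Failures), next to a parameterized query that checks a salted PBKDF2 hash. It assumes a hypothetical in-memory sqlite3 `users` table populated with constructed sample accounts, so it runs offline without Flask.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed sample accounts for the demo (not the app's real user table).
SAMPLE_USERS = [("admin", "admin123"), ("alice", "correct horse battery")]
PBKDF2_ROUNDS = 100_000


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns 'salthex$digesthex'."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def build_db(users=SAMPLE_USERS):
    """In-memory table holding both the plaintext and the hashed password,
    so the vulnerable and hardened login paths can run against the same data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, "
        "password_plain TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(u, p, hash_password(p)) for u, p in users],
    )
    return conn


def vulnerable_login(conn, username, password):
    """Injectable: user input is spliced straight into the SQL text, and the
    comparison is against a plaintext password column."""
    query = (
        "SELECT username FROM users WHERE username = '%s' "
        "AND password_plain = '%s'" % (username, password)
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def safe_login(conn, username, password):
    """Hardened: bound parameter for the lookup, hash verification in Python."""
    row = conn.execute(
        "SELECT password_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None or not verify_password(password, row[0]):
        return None
    return username


if __name__ == "__main__":
    conn = build_db()
    # A trailing SQL comment in the username drops the password check entirely.
    payload = "admin' --"
    print("vulnerable, real creds :", vulnerable_login(conn, "admin", "admin123"))
    print("vulnerable, injected   :", vulnerable_login(conn, payload, "anything"))
    print("safe, real creds       :", safe_login(conn, "admin", "admin123"))
    print("safe, injected         :", safe_login(conn, payload, "anything"))
```

Running it shows the `admin' --` payload logging in as admin through `vulnerable_login` while `safe_login` rejects it; the same parameterized pattern applies to every query in a Flask view that touches request data.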
- Install Python 3.8.x (an old, unsupported version). Use pyenv and a virtual environment (venv) so this obsolete interpreter stays isolated from the rest of your system.
- Install the required dependencies:
  pip install -r requirements.txt
- Run the application:
  python app.py
Access the application at http://127.0.0.1:5000
- Username: admin
- Password: admin123