Secure Login Challenge
https://github.com/Sainya-Ranakshetram-Submission/secure-login
This project addresses all the web vulnerabilities and implements login system in a secure way
Web vulnerabilities addressed
- Cross Site Forgery Request
- Clickjacking
- SQL/NoSQL/LDAP/XML Injection
- XSS Attack
- Response Manipulation
- Sensitive Information Disclosure
- Authentication Bypass
- Parameter Pollution & Mass Assignment
- Credentials Over Unencrypted Channel
- Missing Brute-Force Protection
- User Enumeration
- Throttling Requests
- Remote Code Execution
Hosting Guide
1. Download the code
First install git in the system, then type the following command incommand prompt
git clone https://github.com/Sainya-Rakshatam-Submission/secure-login.gitcd secure-login2. Setup the Virtual Environment
Installpython-3.9 in the system, then run the following command in the console
pip install virtualenvvirtualenv envenv/scripts/activatepip install -r requirements.txtNow renameexample.env to.env and now see this video on how to setup the.env file.
3. Setup the database
If you are in local environment then the project will automatically use thesqlite unless speficied the database url in the.env file.
FollowingDATABASE URL's are supportedClick Here
And then install its respective database connector module frompypi.
If you are inLOCAL environment then no need to install the database connector module since it will be using sqlite :)
Click here for the video explanation
4. Migrate the sql queries to the database
Now in console run the following command
python manage.py migrate5. Create a superuser for the site
To create a superuser for the site run the following commands line by line in the sole
python manage.py createsuperuserafter running the command provide the necessary details it asks
6. Compress the static files
To compress the static files then run the following command in the console
python manage.py collectcompress7. Edit the CORS and ALLOWED_HOST header
Make sure to edit theCORS andALLOWED_HOST header, otherwise you won't be able to access the site from the desired attched domain.Click here to goto the CORS and ALLOWED_HOST header
8. Edit the THROTTLING REQUESTS bumber
Make sure to edit theAXES_FAILURE_LIMIT confiiguration, this is the max number of failed login attempts, Defaults to 5.Click here to goto the THROTTLING REQUESTS configuration
9. Now run the project
For thewindows users, run the following command
python manage.py runserverand for theLinux andMac users, run the following command
gunicorn securelogin.asgi:application -k securelogin.workers.DynamicUvicornWorker --timeout 500Kamboom! The site is up onhttp://127.0.0.1:8000 in local environment, now the credentials that you have given while creating the superuser using the createsuperuser command.
Youtube Video Explaining all
Github Repo
Top comments(0)
For further actions, you may consider blocking this person and/orreporting abuse
