Skip to content
/ zenmo Public
forked from egecavusoglu/zenmo

A money transfer app to introduce web security fundamentals.

zenmo.vercel.app
0 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

evans23/zenmo

BranchesTags
 
 

Repository files navigation

Zenmo

Zenmo is a demo app to introduce some web security fundamentals for class CSE 437S: Software Engineering Workshop.

Vulnerabilities

  1. Expose an API key, data leak in a form body that is submitted.

  2. Malformed POST request.

    • Send a money from someone else to self by changing the post request body.

  3. CSRF GET Request

  4. Unprotected Routes (user/other-user)

    • See other user's info by changing

  5. XXS: Inject JS to a page

    • We believe we can achieve this React's dangerouslySetInnerHtml. More about that here

Roadmap

  • Build the UI for the pages.
  • Set SQL db with prisma
  • Add login with email to track which students were in.
  • Add Dan to Repo.
  • Develop vulnerabilities in the context of the app.
    • Expose key
    • Malformed money sending request
    • Unprotected profile pages
    • XSS injection

About

A money transfer app to introduce web security fundamentals.

zenmo.vercel.app

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 91.2%
  • CSS 8.8%