A secure web application built using Flask (Python) that demonstrates core web security concepts such as authentication, authorization, and secure data storage.
This project is designed for learning and showcasing secure coding practices aligned with the OWASP Top 10.
The objective is to create a simple yet secure web application that implements:
- User authentication
- Authorization using JSON Web Tokens (JWT)
- Secure password storage (salted hashes, never plaintext)
- SQL injection prevention (parameterized queries)
- User Registration and Login
- JWT-based Authentication
- Protected Routes requiring authorization
- Password Hashing (no plaintext passwords)
- Secure SQLite Storage
- SQL Injection Prevention
- Minimal frontend UI for interaction
- Automatic database initialization
- Backend: Flask (Python)
- Authentication: JWT (Flask-JWT-Extended)
- Password Security: Werkzeug
- Database: SQLite
- Frontend: HTML (Jinja Templates)
- Security Concepts: OWASP Top 10
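The three controls the stack above is chosen for, shown together in an added stand-alone example that is not the project's app.py. To keep it runnable with only the Python standard library, hashlib.scrypt stands in for Werkzeug's generate_password_hash/check_password_hash, and a hand-written HS256 mint/verify stands in for Flask-JWT-Extended so that the checks the library performs (pinned algorithm, signature, expiry) are visible; in the real app keep using the library. All function names, the in-memory schema and the sample credentials are assumptions made for this example.

```python
"""Added, stand-alone illustration (not the project's app.py) of salted
password hashing, parameterized SQLite queries and JWT issue/verify.
hashlib.scrypt stands in for Werkzeug; the HS256 code stands in for
Flask-JWT-Extended. Only the standard library is used."""
import base64
import hashlib
import hmac
import json
import os
import sqlite3
import time

SCRYPT_PARAMS = dict(n=2**14, r=8, p=1)  # work factor; raise n as hardware allows


def hash_password(password: str) -> str:
    """Return 'scrypt$<salt>$<digest>' using a fresh 16-byte random salt."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)
    return "scrypt$%s$%s" % (base64.b64encode(salt).decode(), base64.b64encode(digest).decode())


def check_password(stored: str, password: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        algo, salt_b64, digest_b64 = stored.split("$")
    except ValueError:
        return False
    if algo != "scrypt":
        return False
    digest = hashlib.scrypt(password.encode(), salt=base64.b64decode(salt_b64), **SCRYPT_PARAMS)
    return hmac.compare_digest(digest, base64.b64decode(digest_b64))


# Checked when the username does not exist, so a login attempt costs the same
# time for real and unknown accounts (no username enumeration by timing).
DUMMY_HASH = hash_password("dummy-password")


def init_db() -> sqlite3.Connection:
    """Assumed schema; mirrors the README's automatic database initialization."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY, "
                 "username TEXT UNIQUE NOT NULL, password_hash TEXT NOT NULL)")
    return conn


def register(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Store only the hash; '?' placeholders keep user input out of the SQL text."""
    try:
        with conn:
            conn.execute("INSERT INTO users (username, password_hash) VALUES (?, ?)",
                         (username, hash_password(password)))
        return True
    except sqlite3.IntegrityError:  # duplicate username
        return False


def login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    row = conn.execute("SELECT password_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    ok = check_password(row[0] if row else DUMMY_HASH, password)
    return ok and row is not None


def find_users_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """DO NOT COPY: input is spliced into the SQL string, so the constructed
    username  ' OR '1'='1  returns every row instead of none."""
    sql = "SELECT username FROM users WHERE username = '%s'" % username
    return [r[0] for r in conn.execute(sql)]


def find_users(conn: sqlite3.Connection, username: str) -> list:
    """Fixed form of the same lookup: the value travels as a bound parameter."""
    rows = conn.execute("SELECT username FROM users WHERE username = ?", (username,))
    return [r[0] for r in rows]


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def create_token(secret: bytes, username: str, ttl: int = 900, now=None) -> str:
    """Mint a compact HS256 JWT: b64url(header).b64url(claims).b64url(HMAC)."""
    now = int(time.time()) if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64url(json.dumps({"sub": username, "iat": now, "exp": now + ttl}).encode())
    sig = hmac.new(secret, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{_b64url(sig)}"


def verify_token(secret: bytes, token: str, now=None):
    """Return the subject of a valid token, else None. Checks structure, the
    pinned algorithm (rejects alg=none), the signature, then expiry."""
    now = int(time.time()) if now is None else now
    try:
        header, claims, sig = token.split(".")
        if json.loads(_b64url_decode(header)).get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{header}.{claims}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        body = json.loads(_b64url_decode(claims))
        if int(body["exp"]) <= now:
            return None
        return body["sub"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return None


if __name__ == "__main__":
    db = init_db()
    register(db, "alice", "correct horse battery staple")  # constructed sample user
    print("login ok:", login(db, "alice", "correct horse battery staple"))
    print("injected lookup (vulnerable):", find_users_vulnerable(db, "' OR '1'='1"))
    print("injected lookup (parameterized):", find_users(db, "' OR '1'='1"))
    key = os.urandom(32)  # the app's JWT secret must come from config, not the source
    print("token subject:", verify_token(key, create_token(key, "alice")))
```

Note that the vulnerable lookup is kept only to show what a bound parameter prevents; the sqlite3 `?` placeholder sends the value separately from the statement, so no quoting trick in the username can change the query. The token verifier checks the algorithm before the signature because a verifier that trusts the header's `alg` can be talked into accepting an unsigned token.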
- Web security fundamentals
- Secure coding practices
- Authentication & authorization
- JWT token handling
- Password hashing
- SQL injection prevention
- OWASP Top 10 awareness
├── app.py            # Main Flask application
├── requirements.txt  # Python dependencies
├── database.db       # SQLite database (auto-created, NOT pushed to GitHub)
├── templates/        # HTML templates
│   ├── index.html
│   ├── register.html
│   ├── login.html
│   └── profile.html
└── venv/             # Virtual environment
python -m venv venv
.\venv\Scripts\Activate.ps1   # Windows PowerShell; on macOS/Linux use: source venv/bin/activate
pip install -r requirements.txt
python app.py