This repository has been archived by the owner on Feb 14, 2023. It is now read-only.

Blogging Web App for content creators to share their passion.


Sz3yan/App-Security-Tommy-Destiny


NYP Y2S1 Application Security

Background

Tommy Destiny is a powerful app for Tommy to publish content and grow a business around that content. It is equipped with modern tools to easily create, update and manage pages and posts catered to its audience.

Run the program

pip install -r requirements.txt
python app.py

Security Mitigations for OWASP Top 10 2017 and 2019

Project Structure

Tommy-Destiny
├── app.py
├── config.py
├── Procfile
├── README.md
├── requirements.txt
├── flask_session
├── google.json (include your own google service account key)
├── .env (include your own firebase credential)
├── LICENSE.md
├── mitigations
│  ├── A2_Broken_authentication.py
│  ├── A3_Sensitive_data_exposure.py
│  ├── A7_Cross_site_scripting.py
│  ├── API3_Excessive_data_exposure.py
│  ├── API6_Mass_Assignment.py
│  └── API10_Insufficient_logging_and_monitoring.py
├── routes
│  ├── admin
│  │  ├── admin_routes.py
│  │  ├── static
│  │  │  └── py
│  │  │     ├── Create_policy_form.py
│  │  │     ├── Page.py
│  │  │     └── Post.py
│  │  └── templates
│  │     ├── admin_dashboard.html
│  │     ├── admin_editor.html
│  │     ├── admin_editor_page.html
│  │     ├── admin_pages.html
│  │     ├── admin_post.html
│  │     └── admin_viewsite.html
│  ├── api
│  │  └── api_routes.py
│  ├── errors
│  │  ├── error_routes.py
│  │  └── templates
│  │     └── error.html
│  └── user
│     ├── static
│     │  └── py
│     │     └── Forms.py
│     ├── templates
│     │  ├── about.html
│     │  ├── allposts.html
│     │  ├── enterOTP.html
│     │  ├── home.html
│     │  ├── login.html
│     │  ├── policy.html
│     │  ├── post.html
│     │  ├── pricing.html
│     │  ├── profile.html
│     │  ├── signup.html
│     │  └── top4post.html
│     └── user_routes.py
├── static
│  ├── firebaseConnection.py
│  └── serviceAccountKey.json (include your own firebase adminsdk account key)
└── templates
   ├── adminbase.html
   ├── base.html
   ├── baselogin.html
   ├── includes
   │  ├── adminnavbar.html
   │  ├── footer.html
   │  ├── formHelper.html
   │  └── navbar.html
   └── top4base.html

Done by: Sze Yan, Yee Ping, Stefanie, and Mizuki
