This project focuses on identifying, analyzing, and classifying vulnerabilities in a web application using structured vulnerability assessment techniques.
The objective is to simulate a basic VAPT (Vulnerability Assessment & Penetration Testing) process and document findings professionally.
Target Type:
- Public demo / test web application
Testing Areas:
- Open Ports
- HTTP Security Headers
- SSL Configuration
- Server Information Disclosure
- Input Validation Issues
- Potential OWASP Top 10 Risks
Tools Used:
- Nmap (Port Scanning)
- Nikto (Web Server Scan)
- Browser Developer Tools
- Online Header Analyzer
- Manual Testing Techniques
Key Findings:
- Missing Security Headers
- Server Version Disclosure
- No Rate Limiting
- Weak Input Validation
- Potential Information Exposure
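The header and version-disclosure findings above can be reproduced offline against a saved response. The following is an added example, not part of the project's own tooling: it parses a raw HTTP response, reports which of an assumed baseline of security headers are missing, and flags any `Server`/`X-Powered-By`/`X-AspNet-Version` value that carries a version number. The sample response is constructed for the example and was not captured from any real target; the severity labels reuse the scale from the table below.

```python
"""Audit a captured HTTP response for missing security headers and
server version disclosure. Added example; the response below is
constructed, not captured from the project's test application."""

import re

# Assumed baseline of headers a hardened web application should send.
REQUIRED_HEADERS = (
    "Content-Security-Policy",
    "Strict-Transport-Security",
    "X-Content-Type-Options",
    "X-Frame-Options",
    "Referrer-Policy",
)

# Headers that commonly expose the product and version in use.
DISCLOSURE_HEADERS = ("Server", "X-Powered-By", "X-AspNet-Version")

# Constructed sample: a typical response from an unhardened server.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "\r\n"
    "<html><body>demo</body></html>"
)


def parse_headers(raw):
    """Return a dict of lowercased header names to values from a raw response."""
    head, _, _ = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def audit(raw):
    """Report missing security headers and version-bearing disclosure headers."""
    headers = parse_headers(raw)
    missing = sorted(h for h in REQUIRED_HEADERS if h.lower() not in headers)
    disclosures = {}
    for name in DISCLOSURE_HEADERS:
        value = headers.get(name.lower())
        # A digit.digit pattern is a reasonable sign of a version string.
        if value and re.search(r"\d+\.\d+", value):
            disclosures[name] = value
    findings = []
    if missing:
        findings.append(("Missing Security Headers", "Medium"))
    if disclosures:
        findings.append(("Information Disclosure", "Medium"))
    return {
        "missing_headers": missing,
        "version_disclosure": disclosures,
        "findings": findings,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_RESPONSE).items():
        print(f"{key}: {value}")
```

Header names are compared case-insensitively because servers and proxies do not agree on capitalisation; a check that looks only for `X-Frame-Options` would miss `x-frame-options` and report a false finding.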
Severity Summary:
| Vulnerability | Severity |
|---|---|
| Missing Security Headers | Medium |
| Information Disclosure | Medium |
| No Rate Limiting | High |
| Weak Validation | High |
Recommendations:
- Implement Content-Security-Policy
- Hide server version details
- Add rate limiting mechanisms
- Validate user inputs properly
- Enable proper error handling
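The five recommendations above can be shown together in one small request handler. This is an added example, not code from the project: it sends a hardened header set with a generic `Server` value, applies a per-client sliding-window rate limit, validates the username against an allowlist pattern, and returns generic error messages instead of exposing internals. The header values, limits and the username pattern are assumed starting points, not values taken from the report.

```python
"""Reference implementation of the recommendations: hardened headers,
per-client rate limiting, allowlist input validation and generic error
handling. Added example with assumed values; not the project's own code."""

import re
import time
from collections import defaultdict, deque

# Assumed hardening baseline; tune CSP to the application's real sources.
HARDENED_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "no-referrer",
    "Server": "web",  # generic value instead of product and version
}


class RateLimiter:
    """Sliding window: at most `limit` requests per `window` seconds per client."""

    def __init__(self, limit=5, window=60.0):
        self.limit = limit
        self.window = window
        self._hits = defaultdict(deque)

    def allow(self, client_id, now=None):
        """Record a request and return True if it is within the limit."""
        now = time.monotonic() if now is None else now
        hits = self._hits[client_id]
        while hits and now - hits[0] >= self.window:
            hits.popleft()  # drop requests that fell out of the window
        if len(hits) >= self.limit:
            return False
        hits.append(now)
        return True


# Assumed allowlist for usernames: letters, digits, '_', '.', '-', 3 to 32 chars.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{3,32}")


def validate_username(value):
    """Allowlist validation: return the trimmed value, or None if rejected."""
    if not isinstance(value, str):
        return None
    value = value.strip()
    return value if USERNAME_RE.fullmatch(value) else None


def handle_login(client_id, username, limiter, now=None):
    """Return (status, headers, body) for a login attempt.

    Errors carry a generic message only; details belong in server logs.
    """
    headers = dict(HARDENED_HEADERS)
    if not limiter.allow(client_id, now):
        headers["Retry-After"] = str(int(limiter.window))
        return 429, headers, "Too many requests"
    if validate_username(username) is None:
        return 400, headers, "Invalid request"
    return 200, headers, "OK"


if __name__ == "__main__":
    limiter = RateLimiter(limit=3, window=60.0)
    for attempt in range(4):
        status, _, body = handle_login("203.0.113.5", "alice_01", limiter, now=attempt)
        print(attempt, status, body)
```

Every branch returns the same hardened header set, so a missing-header finding cannot reappear on error pages, which is where it is most often overlooked.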
Author:
Rishikesh Borse
Aspiring Cybersecurity Analyst
Focused on SOC & Blue Team Operations