Creating a new Information Security Project - Web Vulnerability Scanner #57648
Labels
scope: curriculum
Lessons, Challenges, Projects and other Curricular Content in curriculum directory.
status: flagged internally
For issues that have been flagged for staff attention in our internal channels.
Information Security Project Idea
I wanted to introduce a new information security project for learning how to write a web vulnerability scanner. We currently have only a handful of projects in this domain and I thought I could introduce a new one for students.
I wanted to create a boilerplate project repo as well to allow students to practice locally or on GitPod as well. I was trying to look for any documentation around how these boilerplate repos are created. If someone can navigate me through it, that would be great!
Here's the brief outline of the project -
Core Idea: A Python-based web vulnerability scanner that teaches students practical web security testing while emphasizing ethical hacking principles.
Core Features
Vulnerability Detection
Safety & Ethics
Reporting System
The scanner works by systematically crawling target websites, analyzing potential security weaknesses, and generating detailed reports with actionable insights. At its core, the scanner employs various detection mechanisms for identifying vulnerabilities like Cross-Site Scripting (XSS), SQL Injection, insecure HTTP headers, and directory traversal issues. The tool emphasizes ethical scanning practices by implementing crucial safety features such as rate limiting, robots.txt compliance, and configurable scan boundaries to prevent unintended damage or disruption. We will be creating a few unit tests around this to make sure that this is tried and tested in a controlled environment.
I think what sets this project apart is its focus on both educational value and practical utility. This tool is specifically designed to help students understand the underlying concepts of web security as well as provide meaningful results.
I actually wrote an article in the /news section about it that goes into a bit more detail about how a web security scanner works here.
This project won't be exactly similar to this but would be a rather simpler version.
Let me know your thoughts! Thank you!
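The safety features named in the outline above (rate limiting, robots.txt compliance and configurable scan boundaries) can be implemented as a gate that every crawled URL passes before a request is sent. The following is an added example, not code from the proposal or from the project; `ScanPolicy`, `plan`, the user agent string, the host `lab.example.test` and the robots.txt content are hypothetical and constructed for illustration.

```python
import time
from urllib.parse import urlsplit
from urllib.robotparser import RobotFileParser

# Constructed robots.txt for the hypothetical lab host used in this example.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /admin/
Disallow: /checkout
"""

class ScanPolicy:
    """Gate every request on scope, robots.txt and a minimum delay."""

    def __init__(self, allowed_hosts, robots_txt, min_delay=1.0,
                 user_agent="student-scanner", clock=time.monotonic,
                 sleep=time.sleep):
        self.allowed_hosts = {h.lower() for h in allowed_hosts}
        self.robots = RobotFileParser()
        self.robots.parse(robots_txt.splitlines())  # parsed offline, no fetch
        self.min_delay, self.user_agent = min_delay, user_agent
        self.clock, self.sleep = clock, sleep
        self._last = None  # time at which the previous request was released

    def check(self, url):
        """Return (allowed, reason) without touching the network."""
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            return False, "scheme"
        # .hostname ignores userinfo, so "allowed@other-host" is out of scope.
        if (parts.hostname or "").lower() not in self.allowed_hosts:
            return False, "out-of-scope"
        if not self.robots.can_fetch(self.user_agent, url):
            return False, "robots.txt"
        return True, "ok"

    def wait_turn(self):
        """Block until min_delay has passed since the previous request."""
        now = self.clock()
        waited = 0.0 if self._last is None else max(
            0.0, self.min_delay - (now - self._last))
        if waited:
            self.sleep(waited)
        self._last = now + waited
        return waited

def plan(policy, urls):
    """Split crawled URLs into those to fetch and those skipped, with reasons."""
    decisions = [(u, *policy.check(u)) for u in urls]
    return ([u for u, ok, _ in decisions if ok],
            {u: why for u, ok, why in decisions if not ok})
```

The `clock` and `sleep` parameters exist so the unit tests mentioned in the outline can exercise the rate limiter without real delays.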