Skip to content

Miracle-Godwin-Ogbo/CodeAlpha_Secure_Code_Review_Login_System_Flask_MySQL

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 

Repository files navigation

CodeAlpha Assessment Methodology Report OWASP

🔍 CodeAlpha - Secure Code Review Assessment of a Flask Login System

📌 Overview

This repository contains a Secure Code Review Assessment of an open-source Python Flask Login System that uses a MySQL database.

The assessment was performed using a Static Application Security Testing (SAST) methodology through manual source code review. The objective was to identify security vulnerabilities, evaluate secure coding practices, and provide practical remediation recommendations based on industry best practices.

The identified security findings were also mapped to the OWASP Top 10 (2021) to demonstrate their alignment with widely recognized web application security risks.


🔗 Target Application

The application reviewed during this assessment is available below:

Repository Reviewed:
https://github.com/HarunMbaabu/Login-System-with-Python-Flask-and-MySQL

This repository contains my independent security assessment of the above application. The original source code remains the property of its respective author.


🎯 Assessment Objectives

  • Perform a manual Secure Code Review.
  • Identify security vulnerabilities within the application.
  • Evaluate authentication and session management.
  • Assess secure coding practices.
  • Review SQL query implementation.
  • Identify potential security weaknesses.
  • Provide practical remediation recommendations.
  • Map identified findings to the OWASP Top 10 (2021).

🔬 Assessment Methodology

The assessment was conducted using Static Application Security Testing (SAST) through manual source code analysis without executing the application.

The following areas were reviewed:

  • Authentication
  • User Registration
  • Session Management
  • Access Control
  • Database Queries
  • Input Validation
  • Password Handling
  • Error Handling

🛠 Technologies Reviewed

  • Python
  • Flask
  • MySQL
  • Flask-MySQLdb
  • Jinja2
  • HTML
  • SQL

✅ Positive Security Practices Identified

The assessment identified several secure coding practices already implemented within the application, including:

  • Parameterized SQL Queries
  • Session-Based Authentication
  • Generic Authentication Error Messages
  • Basic Input Validation

🚨 Security Findings

Finding Severity OWASP Category
Plaintext Password Storage 🔴 High A02:2021 – Cryptographic Failures
Missing Password Strength Validation 🟠 Medium A07:2021 – Identification and Authentication Failures
Flask Debug Mode Enabled 🟠 Medium A05:2021 – Security Misconfiguration

A detailed technical explanation, supporting evidence, security impact, and remediation recommendations for each finding are available in the assessment report.


🧠 Skills Demonstrated

This project demonstrates practical experience in:

  • Secure Code Review
  • Static Application Security Testing (SAST)
  • Python Source Code Analysis
  • Flask Security Review
  • Authentication & Session Security
  • Secure Coding Best Practices
  • SQL Injection Prevention Review
  • OWASP Top 10 Mapping
  • Vulnerability Assessment
  • Technical Security Report Writing

📄 Assessment Report

The complete Secure Code Review Report is available below.

📥 Download the Report

Secure Code Review Report – Login System (Flask & MySQL)


📚 Learning Outcomes

Through this assessment, I strengthened my understanding of:

  • Reading and analyzing backend Python applications
  • Flask routing and request handling
  • Authentication and session management
  • Secure database interactions
  • SQL Injection prevention using parameterized queries
  • Password storage best practices
  • Static Application Security Testing (SAST)
  • Professional security documentation and reporting

⚠️ Disclaimer

This Secure Code Review Assessment was conducted independently for educational and portfolio purposes using a publicly available open-source application.

This repository does not contain or claim ownership of the original application. It contains only my independent security assessment and report. The original application remains the property of its respective author.


👨‍💻 Author

Miracle Godwin Ogbo

Junior Penetration Tester

About

A professional Secure Code Review Assessment of a Python Flask and MySQL Login System. This project identifies security vulnerabilities, evaluates secure coding practices, maps findings to the OWASP Top 10 (2021), and provides practical remediation recommendations.

Topics

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors