Result: Hiding Vulnerabilities in a Sandbox Website for Cybersecurity Testing of Students

Title:
Hiding Vulnerabilities in a Sandbox Website for Cybersecurity Testing of Students
Authors:
Contributors:
BADIA, LEONARDO
Publication Year:
2025
Collection:
Padua@thesis (Università degli Studi di Padova - Padova Digital University Archive)
Document Type:
other/unknown material
File Description:
application/pdf
Language:
unknown
Relation:
Dipartimento di Ingegneria dell'Informazione - DEI; ICT FOR INTERNET AND MULTIMEDIA - INGEGNERIA PER LE COMUNICAZIONI MULTIMEDIALI E INTERNET Laurea Magistrale (D.M. 270/2004); 2024; https://hdl.handle.net/20.500.12608/94430
Accession Number:
edsbas.F08CCEBD
Database:
BASE

Further information

Access:
open
Abstract:
This thesis presents the development of a deliberately vulnerable hospital management system intended to support hands-on learning in cybersecurity. The platform, built with Python Flask, SQLite and Bootstrap, simulates realistic hospital workflows and includes several user roles: doctors, lab technicians, administrators and patients. Common web application vulnerabilities drawn from the OWASP Top 10 were implemented on purpose, including SQL Injection (SQLi), Cross-Site Scripting (XSS), Server-Side Template Injection (SSTI), XML External Entity (XXE) injection, Broken Access Control, Broken Authentication and Security Misconfiguration. Each vulnerability is embedded in a role-specific feature so that it resembles a flaw found in a real-world application. The system can run in either a vulnerable or a secure mode, so users can compare the behaviour and the security outcome of the same feature in both. Manual testing was carried out with standard penetration-testing techniques and with network analysis tools such as tcpdump and Wireshark. Although the platform has not yet been used in a classroom, it is designed as a practical resource for students and instructors exploring web vulnerabilities in a safe, controlled environment.
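The abstract's core design choice is a single feature that runs in either a vulnerable or a secure mode, embedded in a role-specific workflow. The following is an added illustration of that pattern in plain Python with the standard-library sqlite3 module; it is not code from the thesis, and the patient table, the doctor role identifiers, the sample rows and the `vulnerable` flag are assumptions made for the example. It shows a doctor-scoped patient search whose SQLi flaw also defeats the access-control scope, beside its parameterised form, plus the XSS escaping step for rendering a free-text field.

```python
"""Dual-mode (vulnerable / secure) data-access layer in the style the thesis
abstract describes. Added example; not the thesis's own code. Schema, role
names and rows are constructed for illustration."""
import html
import sqlite3

# Constructed sample data: patients are scoped to the doctor who treats them.
SAMPLE_PATIENTS = [
    (1, "Alice Rossi", "dr_bianchi", "<b>penicillin</b> allergy"),
    (2, "Bob Verdi", "dr_bianchi", "none"),
    (3, "Carla Neri", "dr_ferrari", "latex allergy"),
]


def build_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database holding the sample patients."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE patients "
        "(id INTEGER PRIMARY KEY, name TEXT, doctor_id TEXT, notes TEXT)"
    )
    conn.executemany("INSERT INTO patients VALUES (?, ?, ?, ?)", SAMPLE_PATIENTS)
    return conn


def find_patients(conn: sqlite3.Connection, doctor_id: str,
                  name_fragment: str, vulnerable: bool) -> list:
    """Return (id, name) rows visible to `doctor_id` whose name matches.

    doctor_id comes from the authenticated session; name_fragment is the
    untrusted search term typed by the user.
    """
    if vulnerable:
        # Vulnerable mode: the search term is spliced into the statement.
        # A payload such as "' OR 1=1 --" closes the LIKE literal and comments
        # out the rest, so the doctor_id scope is bypassed (SQLi that also
        # becomes Broken Access Control: other doctors' patients are returned).
        sql = (
            f"SELECT id, name FROM patients WHERE doctor_id = '{doctor_id}' "
            f"AND name LIKE '%{name_fragment}%'"
        )
        return conn.execute(sql).fetchall()
    # Secure mode: placeholders keep the term as data, so the scoping
    # predicate cannot be altered and the same payload simply matches nothing.
    sql = "SELECT id, name FROM patients WHERE doctor_id = ? AND name LIKE ?"
    return conn.execute(sql, (doctor_id, f"%{name_fragment}%")).fetchall()


def render_notes(notes: str, vulnerable: bool) -> str:
    """Produce the HTML fragment shown for a patient's free-text notes."""
    if vulnerable:
        # Vulnerable mode: stored markup is emitted verbatim (stored XSS).
        return f"<p>{notes}</p>"
    # Secure mode: escape before interpolating into HTML.
    return f"<p>{html.escape(notes)}</p>"


if __name__ == "__main__":
    db = build_db()
    payload = "' OR 1=1 --"
    print("vulnerable:", find_patients(db, "dr_bianchi", payload, True))
    print("secure:    ", find_patients(db, "dr_bianchi", payload, False))
    print(render_notes(SAMPLE_PATIENTS[0][3], False))
```

Running the script prints three rows in vulnerable mode (including dr_ferrari's patient) and an empty list in secure mode, which is the kind of side-by-side comparison the dual-mode design is meant to make visible to students.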