Web Security Demonstration Platform

Educational Security Vulnerability Demonstration Project

About This Project

A web security demonstration platform built with ASP.NET Core Razor Pages. This project showcases common web application vulnerabilities and their corresponding security implementations.

Purpose & Educational Value
  • Demonstrate real-world web security vulnerabilities
  • Show both vulnerable and secure implementation patterns
  • Provide a hands-on testing environment for security researchers
  • Serve as an educational resource for developers and security professionals

Featured Vulnerabilities
  • XSS - Cross-Site Scripting
  • CSRF - Cross-Site Request Forgery
  • SSRF - Server-Side Request Forgery
  • SQL Injection - Database injection attacks
  • XXE - XML External Entity injection
  • Open Redirect - URL redirection vulnerabilities
  • File Upload - Unrestricted file upload
  • Path Traversal - Directory traversal attacks

Security Features Implemented
  • JWT-based authentication and authorization
  • Input validation and sanitization middleware
  • Rate limiting and account lockout protection
  • Security headers (CSP, HSTS, X-Frame-Options)
  • CORS protection and secure error handling
  • Comprehensive security logging and monitoring

Important Disclaimer

WARNING: This application contains intentional security vulnerabilities for educational purposes only.
  • Do NOT deploy to production - This application is designed for educational and testing purposes only
  • Use in isolated environments - Deploy only in controlled, isolated testing environments
  • Educational purpose - Designed to help developers and security professionals understand vulnerabilities
  • No warranty - Use at your own risk and responsibility