Inspiration
Our main inspiration comes from being cybersecurity students eager to gain hands-on experience in our field of study. Despite our theoretical knowledge, we had never had the opportunity to apply it in practice, and we thought, "If not now, during our bachelor's year, then when?" This project gave us the perfect chance to bridge that gap.
We also firmly believe that projects like this are essential for the development of secure web applications. Vulnerabilities are a real and constant threat, and the number of people who seek to exploit them is significant. Addressing these risks proactively is not just a learning opportunity but also a necessity for creating a safer digital environment.
What it does
Our web application takes three inputs: a link to the web page, a link to the respective GitHub repository for the page, and a _.csv_ file containing a list of vulnerabilities related to the page. In the background, the application tests which vulnerabilities are exploitable. As output, it displays the exploitable vulnerabilities along with a short description, the location in the code that caused the vulnerability, and recommended mitigation steps.
How we built it
To build the application, we used several server-side programming languages, frameworks, and a trained OpenAI model. The front end is built using _SvelteKit_ and _Tailwind CSS_, while _Java_ serves as the back end for the application. A _Python script_ is used to check if the provided vulnerabilities are truly exploitable. An _OpenAI model_ is employed to simulate attacks and format the output into a human-readable form.
Challenges we ran into
The main challenge for us was figuring out whether a vulnerability is truly exploitable. Since we had never worked on a similar task before, we were unsure about the algorithms and methods needed to achieve this goal. Our knowledge was initially limited to basic theoretical concepts, which made it difficult to apply them in practice. Overcoming this hurdle required a lot of research, experimentation, and learning, which eventually helped us develop a functional approach despite our initial inexperience.
Accomplishments that we're proud of
Our application may not be perfect, but we take great pride in both our idea and the effort we’ve put into creating a user-friendly and visually appealing front end. The design of our interface is intuitive and engaging, ensuring that users can easily interact with the application. We’re confident that our idea has the potential to make a meaningful impact in the realm of vulnerability testing and mitigation.
What we learned
From this project, we learned a great deal about penetration testing, the various types of vulnerabilities, and how they can be exploited. It gave us practical insight into understanding security flaws and the importance of identifying their potential impact.
We also realized that working together as a united team is crucial when facing challenges like those presented in a hackathon. Effective collaboration, communication, and shared effort are essential for overcoming obstacles and successfully completing complex tasks under time pressure.
What's next for {WebWard}-(Bebra Inc.) - 2
Our solution is not perfect, and we recognize there is room for improvement. The next crucial step in the project’s development is to strengthen the back end of our application by enhancing its performance and reliability. This includes implementing a more robust algorithm for processing _.csv_ files efficiently and accurately, as well as refining the detection of exploitable vulnerabilities to ensure higher precision.
Additionally, we plan to further develop the OpenAI model to produce even more accurate and relevant outputs for vulnerability descriptions and mitigation steps. These improvements will make our application more reliable, effective, and user-friendly, moving us closer to achieving its full potential.