Website Data Leak Scanner

Inspiration

GlitchSecure, our sponsor.

What it does

It thoroughly scans a website URL and its embedded external links to detect potential security vulnerabilities, including HTTPS enforcement, HSTS implementation, X-Frame protection, SSL certificate validity, and TLS encryption strength.

How we built it

We began by learning the fundamentals of cybersecurity, then shifted our focus to website security, specifically URL scanning. After researching the most widely used programming languages in cybersecurity, we chose Python to develop our program. Since this was our first experience with Python, we relied on multiple resources to guide us through the coding process.

Challenges we ran into

With no prior knowledge of cybersecurity or Python, we had to carefully assess our experience and the project scope. Given the time constraints, we refined our focus to a more achievable goal, ensuring a balance between learning and effective implementation.

What we learned

We learned Python from scratch and took our first steps into the cybersecurity field. Our journey covered the fundamentals of web security, including distinguishing between HTTP and HTTPS, understanding security headers, and exploring encryption methods like SSL and TLS. We also studied forced HTTPS enforcement (HSTS) and X-Frame options. Beyond technical skills, we learned how to use GitHub for version control, collaborated effectively as a team, and developed strong time management skills to stay on track throughout the project.

What's next for Website Data Leak Scanner

We aim to expand our scanner’s capabilities by diving deeper into security headers, including Content Security Policy (CSP) and Referrer-Policy. Additionally, we plan to implement an API leak checker to detect exposed sensitive data and integrate an SQL injection test to identify database vulnerabilities. These enhancements will strengthen our tool, making it more comprehensive and effective in safeguarding websites.