Assessfy Pvt. Ltd · Advanced · 5 milestones · 100 marks

Web Application Vulnerability Scanner (OWASP Top 5)

Target year: BE Sem 7-8 (Major Project Phase-I/II) · AICTE: 6 credits · ~150 hrs · Bloom: Create / Evaluate · MU CBCS: CSC801 / CSDLO8021 · BE Project

Real-world project · AICTE-aligned · AI-graded · Audit-ready certificate

5 milestones · 0 available mentors · 0 enrolled students · 9 core skills

About this project

Build a CLI + web-UI tool that takes a target URL and scans for the OWASP Top 5 vulnerabilities (SQL injection, XSS, broken auth, sensitive data exposure, security misconfigs). The tool generates an HTML report with severity ratings + remediation hints, and is tested against deliberately vulnerable demo apps (DVWA + Juice Shop).

Course Learning Outcomes (CLOs):
CLO1: Analyze the OWASP Top 10 attack surface of a web application.
CLO2: Implement automated detection logic for SQL injection + XSS.
CLO3: Evaluate authentication + session-management weaknesses.
CLO4: Create a structured, actionable security report.
CLO5: Operate within ethical-use guidelines and document scope explicitly.

Industry/societal relevance: Indian cybersecurity hiring is on a steep curve (CERT-In mandate); portfolio gold for AppSec / VAPT roles at Deloitte, KPMG, EY, Wipro.

Milestones
1. Scope Document + Ethical Guidelines
10 marks 7d
Write a 1-page scope doc: what the scanner does and what it does NOT do (no DoS, no automated exploitation). Sign an ethical-use declaration. Set up an isolated Docker network with DVWA + Juice Shop.
2. HTTP Crawler + Form Discovery
15 marks 10d
Crawl the target site, extract all forms + URL parameters. Output a JSON inventory of attack surface. Test on DVWA.
3. SQL Injection + XSS Detection
25 marks 18d
For each form input, inject canonical SQLi + XSS payloads and detect vulnerabilities by response signatures (errors, reflected payloads). Log severity + endpoint with proof.
4. Auth + Security-Header Checks
20 marks 14d
Check for missing CSRF tokens, weak session cookies, and missing security headers (CSP, HSTS, X-Frame-Options). Flag each finding with a CWE reference.
5. HTML Report + Web UI + Final Defense
30 marks 21d
Generate a styled HTML report grouped by severity (Critical/High/Medium/Low) with remediation links to OWASP guidelines. Build a Flask UI to view past scans. Oral defense + 6-page report.
Skills you'll learn
Web Security, OWASP Top 10, Python, HTTP fundamentals, SQL Injection patterns, XSS payloads, Network Scanning, Ethical Hacking, Report Generation
Tools used
Python 3.11, requests, BeautifulSoup4, python-nmap, Jinja2 (HTML report), Docker (to host DVWA + Juice Shop), GitHub
Prerequisites
Python intermediate; HTTP request/response model; basic understanding of how SQL/JavaScript work; signed ethical-use declaration before scanning any external target
Available mentors

No mentors have signed up for this project yet.

You'll earn — Certificate (PDF)

AICTE-aligned Project Completion Certificate

A formal, audit-ready PDF certificate issued by Assessfy + your institute on successful completion. Includes AICTE credit hours, your evaluator's signature, and a QR code for third-party verification.

Auto-issued on completion · QR-verifiable
You'll earn — Digital Badge

Shareable LinkedIn / Resume Skill Badge

A compact, verifiable Open-Badges-2.0-compliant digital credential. Add to your LinkedIn profile, GitHub README, or resume in one click. Recruiters can validate authenticity via a unique URL.

Auto-issued on completion · One-click LinkedIn add
