This repo contains my implementation of Project #2 from Stanford's CS155 Computer Security course, which implements web security attacks against a Node.js cryptocurrency web application called Bitbar, along with defenses for it.
It implements seven different web security attacks and their defenses.

Attacks:
- Cookie Theft (XSS)
- Cross-Site Request Forgery
- Session Hijacking
- Cookie Tampering
- SQL Injection
- Profile Worm
- Password Extraction via Timing Attack

Defenses:
- XSS Protection
- CSRF Protection
- Cookie Security
- SQL Injection Prevention
- Side-Channel Attack Mitigation

Technologies:
- Node.js
- Express.js
- SQLite
- EJS Templating
- Docker

Notes:
- All attacks were tested and verified to work in Firefox
- Defenses were implemented without relying on Express.js built-in protections