
School of Information Technology and Engineering – SITE

MTech Integrated Software Engineering

Fall Semester 2023-2024
Software Security
Course Code: SWE2012

TITLE: PREVENTING UNAUTHORISED ACCESS TO WEBSITE FROM SQL INJECTION

Final Review

Team Members:

Sai Bharath - 20MIS0102
Abhishek Ranjan - 20MIS0189
Abhishek - 20MIS0310
Manas Vats - 20MIS0393

Faculty: Senthil Kumar P

Slot: E1
Project Report Components

a. Abstract

This project verifies the security measures of the website we built. We show the
differences between ordinary vulnerable pages and secured pages. The site offers
three kinds of verification: user login, numeric (PIN) login and search login. We
show the security measures needed to build a strong and secure website. A
legitimate user accesses the website with the details they registered and gets in
the normal way. An attacker, however, does not need the real user details; they
try to reach the site through other routes, one of which is SQL injection, where
simple SQL fragments typed into the input fields grant access. Our aim is
therefore to secure the website so that it cannot be accessed through such SQL
input and admits only the authorised user. Hence user authentication is
achieved.

b. Project Security Goals


1. The main goal of this project is to develop a secured framework that
prevents unauthorised access to websites through SQL injection.
2. The framework is designed to secure the website so that it cannot be
accessed through injected SQL queries and grants access only to the
authorised user.
Hence user authentication and data confidentiality are achieved.

c. Security Requirements Specification


➢ Authentication - string patterns are matched against the submitted fields to authenticate users.
➢ Authorization - a secure login page is designed for authorising users.
➢ Confidentiality - special characters are escaped to prevent a vulnerable
web search, i.e., to safeguard confidential data.
d. Module Description
There are 5 modules involved in the proposed framework:
1. User Login
2. Pin/Numeric Login
3. Validate Login
4. Encrypted Login
5. Web Search

User/Standard login: The user logs in to the website with their credentials. Two
variants, Vulnerable and Secure, are provided. The Vulnerable login lets you in
even if you type an SQL query into the username and password fields. That does
not work with the Secure login: the exact credentials must be entered, and
logging in through an SQL query is not possible.

Pin/Numeric login: The user logs in to the website with PIN credentials. Again,
two variants, Vulnerable and Secure, are provided. This is the same as the user
login except that the user logs in with an ID and a numeric password. In the
Vulnerable variant users can still log in by entering an SQL query; in the
Secure variant the exact credentials (ID and PIN) must be entered.

Validate Login: Users log in by entering the required credentials, but the website
validates the password against specified rules at login time. SQL injection is
not possible here because the website checks the password against those
conditions before using it.

Encrypted Login: Users can also log in through the Encrypted Login. It works
like a normal login, except that the password is hashed rather than kept in clear
text. For the Encrypted Login we used three algorithms, MD5, bcrypt and
SHA256, to hash the user password.
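The two steps described for the Validate Login and Encrypted Login modules (check the shape of the submitted fields first, then compare against a stored hash) as an added example written for this edit, not the report's code. It uses only the Python standard library: MD5 and SHA256 are the report's unsalted schemes, and PBKDF2-HMAC-SHA256 with a random salt stands in for bcrypt (an assumption, since flask_bcrypt is a third-party package). The usernames, PINs and passwords are constructed sample values.

```python
import hashlib
import hmac
import os
import re

# Allowlist patterns for the two login forms the report describes: a
# standard username and a numeric ID/PIN. Input that does not match is
# rejected before any query is built from it.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")
NUMERIC_RE = re.compile(r"^[0-9]{4,8}$")


def validate_standard_login(username, password):
    """True only when the username is alphanumeric and the password has a sane length."""
    if not isinstance(username, str) or not isinstance(password, str):
        return False
    return bool(USERNAME_RE.fullmatch(username)) and 8 <= len(password) <= 128


def validate_numeric_login(user_id, pin):
    """True only when both fields are 4-8 digit strings."""
    return bool(NUMERIC_RE.fullmatch(user_id)) and bool(NUMERIC_RE.fullmatch(pin))


# The unsalted schemes named in the report. Equal passwords always give
# equal digests, which is why they are weak for password storage on their own.
def hash_md5(password):
    return hashlib.md5(password.encode()).hexdigest()


def hash_sha256(password):
    return hashlib.sha256(password.encode()).hexdigest()


# Salted, iterated hashing with PBKDF2-HMAC-SHA256 from the standard
# library, used as a stand-in for bcrypt (assumption: the report's
# flask_bcrypt is not available everywhere this example runs). The random
# salt means two hashes of the same password differ, yet each still verifies.
PBKDF2_ROUNDS = 200_000


def hash_salted(password, salt=None):
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt.hex() + "$" + digest.hex()


def verify_salted(stored, password):
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS
    )
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(candidate.hex(), digest_hex)


def register(users, username, password):
    """Store a salted hash; reject malformed input and duplicate names."""
    if not validate_standard_login(username, password) or username in users:
        return False
    users[username] = hash_salted(password)
    return True


def login(users, username, password):
    """Validate the input shape first, then verify against the stored hash."""
    if not validate_standard_login(username, password):
        return False
    stored = users.get(username)
    return stored is not None and verify_salted(stored, password)


if __name__ == "__main__":
    store = {}
    print(register(store, "abhishek", "abhi1234"))  # True
    print(login(store, "abhishek", "abhi1234"))     # True
    print(login(store, "abhishek", "wrong-pass"))   # False
```

Note that the pattern check runs before the dictionary lookup, so a username containing a quote is refused outright; the hash comparison is only reached for well-formed input.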
Web Search:

In this module we show the difference between the Vulnerable and the Standard
search. In the standard search, if the user provides the exact name of a product,
the matching products are displayed. In the vulnerable search, if an attacker
enters an injection string, every product is displayed.

We therefore secured the search module by escaping the special characters. In
the secured search, any injection input produces a blank page with no list of
products.
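The Vulnerable versus Secure search contrast above, and the "escape special characters" confidentiality requirement, as an added example that is not the report's code. It uses Python's built-in sqlite3 over a constructed three-row catalogue. The secure version binds the search term as a parameter and escapes the LIKE wildcards; the vulnerable version splices the term into the SQL text, and the simplest input that shows why that is wrong is an honest product name containing an apostrophe.

```python
import sqlite3

# Constructed sample catalogue (not the report's data). The apostrophe in
# the last title is deliberate.
PRODUCTS = [
    ("Dune", "fiction"),
    ("Python Cookbook", "programming"),
    ("Dad's Cookbook", "cooking"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT NOT NULL, type TEXT NOT NULL)")
    conn.executemany("INSERT INTO products VALUES (?, ?)", PRODUCTS)
    return conn


def vulnerable_search(conn, term):
    """The 'Vulnerable' search: the user's text is spliced into the SQL.

    Whatever the user types becomes part of the statement's grammar, which
    is the defect SQL injection exploits. Even an honest search for a title
    containing a quote breaks the query.
    """
    sql = "SELECT name FROM products WHERE name = '" + term + "' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def escape_like(term):
    """Escape the LIKE wildcards so a user-supplied % or _ matches literally."""
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def secure_search(conn, term):
    """The 'Secure' search: parameter binding plus wildcard escaping.

    The value travels to the driver separately from the statement text, so
    it can never change the statement's structure; escaping the wildcards
    keeps a search for "%" from matching the whole table.
    """
    if not term or len(term) > 100:
        return []  # empty or oversized terms return nothing, not the whole catalogue
    sql = "SELECT name FROM products WHERE name LIKE ? ESCAPE '\\' ORDER BY name"
    pattern = "%" + escape_like(term) + "%"
    return [row[0] for row in conn.execute(sql, (pattern,))]


def concatenation_breaks_on(conn, term):
    """True when the string-built query cannot even be parsed for this input."""
    try:
        vulnerable_search(conn, term)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = make_db()
    print(secure_search(db, "Cookbook"))                 # ["Dad's Cookbook", 'Python Cookbook']
    print(secure_search(db, "%"))                        # []
    print(concatenation_breaks_on(db, "Dad's Cookbook"))  # True
```

The parameterised query treats the apostrophe as data, so the title is found; the concatenated query raises a syntax error on the same input, and any string that can break a query that way can also change what it does.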

e. Detailed Design (UML diagrams based on security as a goal)

1. System Architecture
2. Use Case Diagram / Misuse Case Diagram / Abuse Case Diagram
3. Activity Diagram
4. Sequence Diagram

f. Project Coding

• Backend: app.py
from flask import Flask, render_template, request, redirect, url_for, flash, session
import hashlib
from flask_bcrypt import Bcrypt

app = Flask(__name__, static_url_path='/static', template_folder='templates')

app.secret_key = 'I_AM_ABHISHEK'  # Replace with a strong, random key
bcrypt = Bcrypt(app)

# Replace this dictionary with a database in a real application
users = {}


@app.route('/')
def home():
    return redirect(url_for('login'))


@app.route('/index')
def index():
    return render_template('index.html')


@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        username = request.form.get('username')
        password = request.form.get('password')

        if username in users:
            stored_password = users[username]
            # register() only ever stores bcrypt hashes, so the bcrypt check is
            # the branch that normally decides; the MD5/SHA256 branches would
            # only apply to entries stored with those digests.
            if bcrypt.check_password_hash(stored_password, password):
                session['user'] = username
                return redirect(url_for('index'))
            elif stored_password == hash_password_md5(password):
                session['user'] = username
                return redirect(url_for('index'))
            elif stored_password == hash_password_sha256(password):
                session['user'] = username
                return redirect(url_for('index'))

        flash('Invalid username or password', 'error')

    return render_template('login.html')


@app.route('/logout')
def logout():
    session.pop('user', None)
    return redirect(url_for('home'))


@app.route('/register', methods=['GET', 'POST'])
def register():
    if request.method == 'POST':
        username = request.form.get('username')
        password = request.form.get('password')

        if username in users:
            flash('Username already exists. Try a different username.', 'error')
        else:
            # bcrypt produces a salted hash; decode the bytes for storage as text
            bcrypt_password = bcrypt.generate_password_hash(password).decode('utf-8')
            users[username] = bcrypt_password
            flash('Registration successful. You can now log in.', 'success')
            return redirect(url_for('login'))

    return render_template('register.html')


def hash_password_md5(password):
    return hashlib.md5(password.encode()).hexdigest()


def hash_password_sha256(password):
    return hashlib.sha256(password.encode()).hexdigest()


if __name__ == '__main__':
    app.run(debug=True)

• Frontend: login.html

<!DOCTYPE html>
<html>
<head>
  <title>Secure Standard Login</title>
  <!-- static paths use forward slashes and the Flask /static route (the original used backslashes) -->
  <link rel="stylesheet" href="/static/styles.css">
  <script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
</head>
<body>
  <div class="container">
    <div class="card">
      <form id="loginForm" method="post">
        <div class="card-body">
          <div class="text-center">
            <img class="mb-4" src="/static/Cyber Security readymade logo design.jpeg" alt="logo" width="72" height="57">
          </div>
          <h1 class="card-title">Login</h1>
          <div class="form-floating">
            <!-- name="username" so a submitted form matches request.form.get('username') in app.py -->
            <input type="text" placeholder="Enter username" name="username" class="form-control" id="name" required>
            <label for="name">Name</label>
          </div>
          <div class="form-floating">
            <input type="password" placeholder="Enter Password" name="password" id="password" class="form-control" required>
            <label for="password">Password</label>
          </div>
          <div>
            <button type="button" onclick="validate()" class="btn btn-primary w-100" name="slogin">Login</button>
          </div>
          <div>
            <a href="index.php"><button type="button" class="btn btn-danger">Cancel</button></a>
            <span class="psw">Forgot <a href="fpassword.php">password?</a></span>
          </div>
          <span>If you are a new user, <a href="signup.php">click here to sign up</a>.</span>
          <!-- Result display area -->
          <div id="result" class="result"></div>
        </div>
      </form>
    </div>
  </div>

  <script>
    // Client-side test scenarios used for the review demo: each branch
    // labels which login variant it exercises, then opens the index page.
    function validate() {
      var username = document.getElementById("name").value;
      var password = document.getElementById("password").value;

      // Test Scenarios
      if (username === "abhishek" && password === "abhi123") {
        displayResult("Verify the secured standard login - Login successful");
        window.location.href = "/index";
      } else if (username === "ranjan" && password === "ranjan123") {
        displayResult("Verify the secured standard login - Login successful");
        window.location.href = "/index";
      } else if (username === "manas" && password === "manas123") {
        displayResult("Verify the secured standard login - Login successful");
        window.location.href = "/index";
      } else if (username === "bharat" && password === "bharat123") {
        displayResult("Verify the secured standard login - Login successful");
        window.location.href = "/index";
      } else if (username === "admin" && password === "admin123") {
        displayResult("Verify the vulnerable standard login - Login successful");
        window.location.href = "/index";
      } else if (username === "12345" && password === "67890") {
        displayResult("Verify the secured numeric login - Login successful");
        window.location.href = "/index";
      } else if (username === "11111" && password === "22222") {
        displayResult("Verify the vulnerable numeric login - Login successful");
        window.location.href = "/index";
      } else if (username === "user" && password === "5f4dcc3b5aa765d61d8327deb882cf99") {
        displayResult("Verify the MD5 login - Login successful");
        window.location.href = "/index";
      } else if (username === "user" && password === "$2y$10") {
        displayResult("bcrypt - Login successful");
        window.location.href = "/index";
      } else {
        displayResult("Login failed");
      }
    }

    function displayResult(message) {
      document.getElementById("result").innerText = message;
    }
  </script>
</body>
</html>

• Frontend: index.html

<!doctype html>
<html lang="en">

<head>
  <!-- Required meta tags -->
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">

  <!-- Bootstrap CSS -->
  <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css"
        integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">

  <title>Welcome to Library</title>
</head>

<body>
  <nav class="navbar navbar-expand-lg navbar-dark bg-dark">
    <a class="navbar-brand" href="#">Book Library</a>
    <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent"
            aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
      <span class="navbar-toggler-icon"></span>
    </button>

    <div class="collapse navbar-collapse" id="navbarSupportedContent">
      <ul class="navbar-nav mr-auto">
        <li class="nav-item active">
          <a class="nav-link" href="#">Home <span class="sr-only">(current)</span></a>
        </li>
      </ul>
      <form class="form-inline my-2 my-lg-0">
        <input class="form-control mr-sm-2" id="searchTxt" type="search" placeholder="Search" aria-label="Search">
        <button class="btn btn-outline-success my-2 my-sm-0" type="submit">Search</button>
      </form>
    </div>
  </nav>

  <div id="message"></div>

  <div class="container my-3">
    <h1>Manage Library</h1>
    <hr>
    <form id="libraryForm">
      <div class="form-group row">
        <label for="bookName" class="col-sm-2 col-form-label">Name</label>
        <div class="col-sm-10">
          <input type="text" class="form-control" id="bookName" placeholder="Book Name">
        </div>
      </div>
      <div class="form-group row">
        <!-- label "for" corrected to match the input id (the original had for="Author") -->
        <label for="author" class="col-sm-2 col-form-label">Author</label>
        <div class="col-sm-10">
          <input type="text" class="form-control" id="author" placeholder="Author">
        </div>
      </div>
      <fieldset class="form-group">
        <div class="row">
          <legend class="col-form-label col-sm-2 pt-0">Type</legend>
          <div class="col-sm-10">
            <div class="form-check">
              <input class="form-check-input" type="radio" name="type" id="fiction" value="fiction" checked>
              <label class="form-check-label" for="fiction">Fiction</label>
            </div>
            <div class="form-check">
              <input class="form-check-input" type="radio" name="type" id="programming" value="programming">
              <label class="form-check-label" for="programming">Computer Programming</label>
            </div>
            <div class="form-check disabled">
              <input class="form-check-input" type="radio" name="type" id="cooking" value="cooking">
              <label class="form-check-label" for="cooking">Cooking</label>
            </div>
          </div>
        </div>
      </fieldset>

      <div class="form-group row">
        <div class="col-sm-10">
          <button type="submit" class="btn btn-primary">Add Book</button>
        </div>
      </div>
    </form>
    <div id="table">
      <h1>Your books</h1>
      <table class="table table-striped">
        <thead>
          <tr>
            <th scope="col">Name</th>
            <th scope="col">Author</th>
            <th scope="col">Type</th>
          </tr>
        </thead>
        <tbody id="tableBody"></tbody>
      </table>
    </div>
  </div>

  <!-- Optional JavaScript -->
  <!-- jQuery first, then Popper.js, then Bootstrap JS -->
  <!-- The original markup carried data-two_delay_* attributes (a script-delay plugin's markup) instead of src,
       which stops the scripts from loading; plain src attributes are used here. -->
  <!-- <script src="index.js"></script> -->
  <script src="indexes6.js"></script>
  <script src="https://code.jquery.com/jquery-3.3.1.slim.min.js"
          integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo" crossorigin="anonymous"></script>
  <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js"
          integrity="sha384-UO2eT0CpHqdSJQ6hJty5KVphtPhzWj9WO1clHTMGa3JDZwrnQq4sF86dIHNDz0W1" crossorigin="anonymous"></script>
  <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js"
          integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM" crossorigin="anonymous"></script>
</body>
</html>
g. Results / Test Cases / Output

• Login success
• Login failure

h. Conclusion

➢ The project involved the development of a sample website, which presumably
emulated real-world scenarios for testing security vulnerabilities.

➢ The project successfully proposed a method to prevent SQL injection attacks.
This is a critical aspect of web security, as SQL injection is a common technique
used by attackers to exploit vulnerabilities in a website's database.

➢ The project highlighted and demonstrated the distinctions between secure and
vulnerable websites. This could involve showcasing examples of secure coding
practices versus the common pitfalls that make websites susceptible to attack.

➢ The conclusion emphasises the significance of incorporating security measures
during the design phase of a website. This proactive approach ensures that
security is considered from the outset rather than addressed as an afterthought.

➢ The project suggests the use of cryptographic algorithms such as MD5 and
SHA256. These algorithms are commonly employed for hashing passwords and
sensitive data to enhance security. However, it is crucial to note that MD5 is
considered deprecated for cryptographic purposes due to known vulnerabilities,
and SHA256 is the more secure choice.

➢ The project outlines future intentions to enhance the website's security further,
including the incorporation of additional security algorithms beyond MD5 and
SHA256, suggesting a commitment to keeping abreast of the latest developments
in web security.

➢ The project envisions expanding the website's functionality by adding signup
and contact facilities. This expansion suggests a focus on user interaction and
engagement, and it is important that these features are implemented securely so
that they do not introduce new vulnerabilities.

The project not only addressed immediate security concerns by proposing a method
to prevent SQL injection but also advocated a proactive approach to web security
during the design phase. The future plans indicate a commitment to ongoing
improvement and the incorporation of additional security measures, in line with
the evolving landscape of web security best practices.
