Inspiration

My inspiration came from the club that I worked with: Merced Cybersecurity. Our club focused on making cybersecurity a presentable topic through teamwork and competitions. Because presentation is a key part of our club, applying cybersecurity to a real project would be hard to show just by trying to eye code for what you may see and the information that you constantly have to compare against. A project such as this, which showcases how penetration testing a system begins with identifying the weakest links in one's project, would serve as a great tool to showcase problems in one's code without having to try too hard in researching the issues.

What it does

Through the CLI or the provided website interface, users can test their code by uploading a link or files to see whether any vulnerabilities are found in it.

How we built it

The main tools used to bring everything together were Vue.js for the front end and Python for the backend.

Challenges we ran into

The biggest struggle came in understanding how to put many of the pieces together. Initially I thought of putting AI agents to work on pentesting projects based on tools that were given, but the difficulty of dealing with API keys and setting up an MCP server alongside a vulnerability scanner seemed too much to add within the same time frame, meaning that the sacrifice came in having to put more effort into the easily achievable part of creating a vulnerability scanner.

Accomplishments that we're proud of

In my part of the project, I am most proud of getting the website interface to operate, as it finally made it possible to see the vulnerability scanner come to life visually.

What we learned

So far, I've learned how to work with AI assistants such as Codex to assemble my frontend, backend, and the middleware with Python.

What's next for OWASP Analyzer

To add more of the features that were planned, the project can be scaled with AI learning tools, such as MCP servers that help access tools directly on a host's machine, to read beyond the OWASP vulnerabilities.
