Password Manager Security Assignment

About

This repository contains an improved and secured version of a simplified web-based password manager. The project was developed as a university assignment for the Information Systems Security class at the Aristotle University of Thessaloniki (AUTh). The original application intentionally contained multiple security vulnerabilities. The purpose of this work was to identify, analyze, and mitigate these vulnerabilities using well-established security practices.

The application is implemented in PHP and uses a MySQL database for data storage. The deployment is fully containerized using Docker and Docker Compose, ensuring reproducibility and ease of execution across different operating systems.

Architecture Overview

The application is deployed as a multi-container system. Each component has a clearly defined role and responsibility. All services are isolated and communicate only through Docker-managed networks.

Components:

  • Web Application (PHP)
  • Database (MySQL)
  • Reverse Proxy and HTTPS (Caddy)
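
The isolation described above can be checked against the resolved Compose configuration, as printed by `docker compose config --format json`. The following is an added example, not code from this repository: the service names, networks and ports in the sample are assumptions, and the shared-network check reads "isolated" more strictly than the text states.

```python
import json

# Constructed sample in the shape printed by `docker compose config --format json`.
# Service names, networks and ports are assumptions, not the repository's file.
SAMPLE_CONFIG = json.loads("""
{
  "services": {
    "caddy": {"ports": [{"target": 80, "published": "80"},
                        {"target": 443, "published": "443"}],
              "networks": {"frontend": null}},
    "web":   {"networks": {"frontend": null, "backend": null}},
    "db":    {"ports": [{"target": 3306, "published": "3306"}],
              "networks": {"backend": null}}
  }
}
""")


def audit_exposure(config, proxy="caddy", database="db", allowed=(80, 443)):
    """Return findings where a service is reachable outside its intended path."""
    services = config.get("services", {})
    findings = []
    for name, svc in sorted(services.items()):
        if svc.get("network_mode") == "host":
            findings.append(f"{name}: host networking bypasses Docker networks")
        # Every `ports` entry binds on the host; a missing `published`
        # value means Docker picks an ephemeral host port.
        for port in svc.get("ports") or []:
            published = str(port.get("published", "ephemeral"))
            if name != proxy:
                findings.append(f"{name}: publishes host port {published}")
            elif published not in {str(p) for p in allowed}:
                findings.append(f"{name}: unexpected host port {published}")

    def nets(name):
        return set(services.get(name, {}).get("networks") or {})

    # The proxy should reach the database only through the web application.
    shared = nets(proxy) & nets(database)
    if shared:
        findings.append(f"{proxy} and {database} share network(s): {sorted(shared)}")
    return findings


if __name__ == "__main__":
    for finding in audit_exposure(SAMPLE_CONFIG):
        print("FINDING:", finding)
```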

Deployment Instructions

The deployment process is identical for Linux and Windows. The only requirement is a working Docker installation.

Prerequisites

  • Docker
  • Docker Compose (included in modern Docker installations)

No additional software such as Apache, PHP, or MySQL is required on the host system.

Deployment on Linux

  1. Open a terminal.
  2. Navigate to the project directory containing docker-compose.yml.
  3. Run the following command:
    docker compose up -d --build
    
  4. Wait until all containers are built and started.
  5. Access the application through your browser using: https://localhost

Deployment on Windows

  1. Install Docker Desktop for Windows.
  2. Ensure that WSL2 is enabled (Docker Desktop will guide you automatically).
  3. Open PowerShell or Command Prompt.
  4. Navigate to the project directory containing docker-compose.yml.
  5. Run the following command:
    docker compose up -d --build
    
  6. Once the containers are running, open a browser and navigate to: https://localhost

Notes on Reproducibility

The use of Docker ensures that:

  • The application behaves identically on all supported operating systems
  • No manual configuration of web servers or databases is required
  • Environment-specific issues are minimized

This approach allows evaluators to focus on the security aspects of the application rather than deployment complexity.

Disclaimer

This project was developed solely for educational purposes. It is provided "as is", without any express or implied warranties. The author assumes no responsibility for any misuse, data loss, security incidents, or damages resulting from the use of this software. This implementation should not be used in production environments.

All work, modifications, and security improvements are the sole responsibility of the author.
