| Feature | Description | Security Benefit |
|---|---|---|
| 🔐 JWT Authentication | Secure token-based auth with HTTP-only cookies | Prevents XSS token theft |
| 🛡️ Input Validation | Multi-layer validation (client + server) | Blocks injection attacks |
| ⏱️ Rate Limiting | 5 attempts/15 minutes on auth endpoints | Prevents brute force |
| 📜 Audit Logging | Tamper-evident logs of all critical actions | Enables accountability |
| 🚦 CORS Whitelisting | Strict origin control for API endpoints | Prevents CSRF attacks |
| 🔄 Secure Sessions | SameSite+Secure cookies with 1hr expiration | Mitigates session hijacking |
- Node.js 16+
- npm 8+
- SQLite3
```bash
# Clone repository
git clone https://github.com/yourusername/secure-dork.git
cd secure-dork

# Install dependencies
npm install

# Configure environment
cp .env.example .env
# Edit .env with your settings

# Start development servers
npm run dev
```

```
secure-dork/
├── backend/                 # Node.js server
│   ├── node/
│   │   ├── auth.js          # Authentication middleware
│   │   ├── audit.js         # Logging system
│   │   ├── server.js        # Main application
│   │   └── db.js            # Database configuration
├── frontend/                # React application
│   ├── src/
│   │   ├── api.js           # API service layer
│   │   ├── App.js           # Main application
│   │   └── components/      # UI components
└── docker-compose.yml       # Container orchestration
```
```mermaid
sequenceDiagram
    User->>Frontend: Enters credentials
    Frontend->>Backend: POST /login (HTTPS)
    Backend->>Backend: bcrypt.compare()
    Backend->>Frontend: HTTP-only Cookie
    Frontend->>Backend: Subsequent requests
    Backend->>Backend: JWT verification
```
```javascript
const rateLimit = require('express-rate-limit');

// Secure cookie settings (inside the login handler, once the JWT has been issued)
res.cookie('token', token, {
  httpOnly: true,                                 // not readable by page scripts, so XSS cannot steal it
  secure: process.env.NODE_ENV === 'production',  // only sent over HTTPS in production
  sameSite: 'strict',                             // never attached to cross-site requests
  maxAge: 3600000                                 // 1 hour, in milliseconds
});

// Rate limiting middleware: 5 attempts per 15-minute window on auth endpoints
const authLimiter = rateLimit({
  windowMs: 15 * 60 * 1000,
  max: 5,
  message: 'Too many login attempts'
});
```

| OWASP Risk | Mitigation |
|---|---|
| Injection | Parameterized queries + Input validation |
| Broken Auth | JWT + HTTP-only cookies + bcrypt |
| Sensitive Data Exposure | Secure cookie attributes |
| XXE | Disabled XML parsing |
| Broken Access Control | Route protection middleware |
| Security Misconfig | Helmet.js + CORS whitelisting |
| XSS | React DOM escaping + CSP |
| Insecure Deserialization | JSON parsing only |
| Vulnerable Components | npm audit + Dependabot |
| Insufficient Logging | Comprehensive audit trail |
```bash
# Run security audit
npm audit

# Run ESLint
npm run lint

# Run Jest tests
npm test
```

```bash
# Production build
npm run build

# Docker deployment
docker-compose up -d --build
```

- Fork the project
- Create your feature branch (`git checkout -b feature/AmazingFeature`)
- Commit your changes (`git commit -m 'Add some amazing feature'`)
- Push to the branch (`git push origin feature/AmazingFeature`)
- Open a Pull Request
Distributed under the MIT License. See LICENSE for more information.
Project Maintainer: Rana Uzair Ahmad
Built with ❤️ by Dynamo2k1 | Documentation generated by SecureDork