{"id":33,"date":"2025-03-06T18:51:37","date_gmt":"2025-03-06T18:51:37","guid":{"rendered":"https:\/\/blogs.oregonstate.edu\/kristinsblog\/?p=33"},"modified":"2025-03-06T18:51:37","modified_gmt":"2025-03-06T18:51:37","slug":"my-journey-in-the-website-security-research-project","status":"publish","type":"post","link":"https:\/\/blogs.oregonstate.edu\/kristinsblog\/2025\/03\/06\/my-journey-in-the-website-security-research-project\/","title":{"rendered":"My Journey in the Website Security Research Project"},"content":{"rendered":"\n<p>As I wrap up my <strong>Website Security Research Project<\/strong>, I\u2019ve been reflecting on my personal journey\u2014what I\u2019ve learned, the challenges I faced, and how I overcame them. Working on this project solo meant I had to take full ownership of the research, testing, and implementation, which was both a challenge and an opportunity to grow.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Biggest Challenge &amp; How I Solved It<\/strong><\/h3>\n\n\n\n<p>The most difficult challenge I encountered was <strong>bypassing payment validation for the Deluxe Membership<\/strong>. Initially, I struggled to understand how the web application processed transactions, and I wasn\u2019t sure where the vulnerability existed. By analyzing <strong>HTTP requests<\/strong>, modifying parameters using <strong>Burp Suite<\/strong>, and researching real-world payment bypass attacks, I eventually found that the system relied too heavily on <strong>client-side validation<\/strong>. The fix? <strong>Implementing strict server-side validation<\/strong> to ensure that transactions couldn&#8217;t be manipulated through direct API requests.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Did I Have Doubts About Completing the Project?<\/strong><\/h3>\n\n\n\n<p>At first, yes. Security research can be overwhelming, and I questioned whether I would be able to <strong>identify and exploit vulnerabilities effectively<\/strong>. However, as I started breaking the project into smaller steps\u2014learning how to conduct <strong>XSS attacks<\/strong>, test for <strong>SQL injection<\/strong>, and simulate <strong>CSRF attacks<\/strong>\u2014I became more confident in my ability to analyze and secure a web application. Now, I feel much more capable of approaching security challenges systematically.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>What Would I Do Differently?<\/strong><\/h3>\n\n\n\n<p>If I could start over, I would have planned <strong>a structured testing process earlier<\/strong>. Initially, I explored vulnerabilities in an unorganized way, which made it harder to track findings and document fixes. A more methodical <strong>penetration testing framework<\/strong>\u2014perhaps using <strong>OWASP\u2019s testing guide<\/strong>\u2014would have made my workflow more efficient.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Key Takeaways from the Project<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Security is a continuous process<\/strong>\u2014fixing one vulnerability doesn\u2019t mean the system is secure.<\/li>\n\n\n\n<li><strong>Client-side validation is not enough<\/strong>\u2014attackers can easily modify requests.<\/li>\n\n\n\n<li><strong>Burp Suite is an invaluable tool<\/strong> for web security testing.<\/li>\n\n\n\n<li><strong>Understanding how attackers think<\/strong> is crucial for building secure applications.<\/li>\n\n\n\n<li><strong>Documenting findings from the start saves time later<\/strong> when implementing fixes.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Final Thoughts<\/strong><\/h3>\n\n\n\n<p>This project has been <strong>challenging but rewarding<\/strong>. I\u2019ve gained hands-on experience in <strong>ethical hacking, penetration testing, and secure coding<\/strong>, which has strengthened my technical skills. Going forward, I plan to continue learning about <strong>advanced security threats and defense mechanisms<\/strong> to further enhance my understanding of cybersecurity.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As I wrap up my Website Security Research Project, I\u2019ve been reflecting on my personal journey\u2014what I\u2019ve learned, the challenges I faced, and how I overcame them. Working on this project solo meant I had to take full ownership of the research, testing, and implementation, which was both a challenge and an opportunity to grow. [&hellip;]<\/p>\n","protected":false},"author":14585,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-33","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/blogs.oregonstate.edu\/kristinsblog\/wp-json\/wp\/v2\/posts\/33","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.oregonstate.edu\/kristinsblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.oregonstate.edu\/kristinsblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.oregonstate.edu\/kristinsblog\/wp-json\/wp\/v2\/users\/14585"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.oregonstate.edu\/kristinsblog\/wp-json\/wp\/v2\/comments?post=33"}],"version-history":[{"count":1,"href":"https:\/\/blogs.oregonstate.edu\/kristinsblog\/wp-json\/wp\/v2\/posts\/33\/revisions"}],"predecessor-version":[{"id":34,"href":"https:\/\/blogs.oregonstate.edu\/kristinsblog\/wp-json\/wp\/v2\/posts\/33\/revisions\/34"}],"wp:attachment":[{"href":"https:\/\/blogs.oregonstate.edu\/kristinsblog\/wp-json\/wp\/v2\/media?parent=33"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.oregonstate.edu\/kristinsblog\/wp-json\/wp\/v2\/categories?post=33"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.oregonstate.edu\/kristinsblog\/wp-json\/wp\/v2\/tags?post=33"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}