This application is a PHP-based system created exclusively for evaluating technical knowledge in code analysis and vulnerability remediation.
The project serves as a practical environment for Application Security (AppSec) testing. The candidate must analyze the source code to:
- Identify vulnerabilities (e.g., Injection, XSS, Path Traversal, authentication flaws, etc.).
- Classify severity and explain the risks and impacts of each flaw.
- Demonstrate exploitation (PoC - Proof of Concept) of the found vulnerabilities.
- Propose solutions and fix the code by applying secure development best practices.
controllers/- Application controllers (Authentication, Reports, User Profile).models/- Data representation and persistence models.services/- Auxiliary services (File upload, Batch processing).utils/- Utility classes and security functions (intentionally flawed).config/- Configuration files.