Skip to content
/ Vulnerability-Management Public

Vulnerability Management System: A .NET Core Web API project for managing vulnerabilities with PostgreSQL and JWT authentication.

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ZeynepKURI/Vulnerability-Management

BranchesTags

Repository files navigation

Vulnerability Management System

This project aims to develop a Vulnerability Management System using .NET Core Web API and PostgreSQL. The system incorporates JWT authentication and authorization, CRUD operations, and a robust design pattern using Onion Architecture. It enables users to manage vulnerabilities by performing actions like creating, updating, viewing, deleting, and listing vulnerabilities.

Project Summary

The system is built for managing vulnerabilities efficiently and securely. Users authenticate via JWT tokens, and authorization checks ensure that users can only perform authorized actions. The API exposes endpoints for interacting with vulnerabilities, including listing, viewing details, adding new vulnerabilities, updating, and deleting existing ones. The CVSS (Common Vulnerability Scoring System) score is also calculated to assess the severity of vulnerabilities.

The system follows Onion Architecture, ensuring a clean separation of concerns, easy maintainability, and testability. Asynchronous methods are used to optimize performance, especially for operations like database access.

Project Requirements

  • .NET Core Web API
  • Onion Architecture for layered design
  • Asynchronous Operations for efficient database access
  • PostgreSQL database
  • JWT for user authentication and authorization
  • Factory Design Pattern usage
  • Swagger for API documentation

Features

1. User Authentication and Authorization

  • Users can log in using JWT, and authorization checks are performed.
  • Authentication is handled using a user model.

2. Vulnerability Management

  • Vulnerability Model:

    • ID
    • Name
    • Description
    • Severity
    • CVSS (Common Vulnerability Scoring System score)
    • CVE (Common Vulnerabilities and Exposures code)
    • Status (Open/Closed)

  • CVSS Score Calculation:

    • The CVSS scores for vulnerabilities are calculated and saved in the database.
    • New fields have been added to the database for CVSS score calculation.

3. Vulnerability Listing and Filtering

  • Vulnerabilities can be listed through a GET endpoint.
  • Filtering parameters:
    • Name
    • Severity
    • Status

4. CRUD Operations

  • Vulnerability API Endpoints:
    • GET: List and view vulnerability details
    • POST: Add new vulnerability
    • PUT: Update vulnerability
    • DELETE: Delete vulnerability

5. Validation

  • Validation processes for vulnerabilities:
    • The "Name" field cannot be empty.
    • The "Severity" field must have specific values.

6. Swagger Integration

  • Through Swagger:
    • Vulnerabilities can be listed.
    • Vulnerability details can be viewed.
    • Vulnerabilities can be updated and deleted.
    • New vulnerabilities can be added.
  • Error handling is managed properly, and users are informed in case of issues.

About

Vulnerability Management System: A .NET Core Web API project for managing vulnerabilities with PostgreSQL and JWT authentication.

Topics

clean-code response jwt-authentication onion-architecture asyncmethod

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages