We are a university team composed of the students Alessandro Genova, Angelo Barbera and Alessandra Cascio.
Our task concerns the development of a Demonstrator for Static Analysis of Web Applications for the Security Verification and Testing course of Politecnico di Torino. The work for this project consists of creating a demonstrator of the use of static analysis tools for web applications, which can be used for teaching purposes. The demonstrator must include:
- A web application with a Node.js backend and a React frontend that contains different classes of vulnerabilities that can be detected by static code analysis tools. The application should be simple enough to be used for teaching purposes.
- The list of potential vulnerabilities reported by static analysis tools and their classification as true positive and false positive, with the explanation for the classification of each item.
- An exploit that showcases the exploitation of each real vulnerability that is present in the vulnerable application.
- A fixed version of the application where all the real vulnerabilities detected by the static analysis tools have been fixed.