Installation

Prerequisites

Before installing the Auth Security Demo, ensure your system meets these requirements:

System Requirements

Operating System: Linux, macOS, or Windows with WSL2
Python: Version 3.11 or higher (3.13 recommended)
RAM: Minimum 2GB available
Disk Space: At least 500MB free

Software Prerequisites

Python 3.11+ with pip
Git (for cloning the repository)
A modern web browser (Chrome, Firefox, Safari, or Edge)
Terminal/Command line access

Verify Python Installation

Check Python version

Ensure you have Python 3.11 or higher installed:

python3 --version

Expected output:

Python 3.13.x

If your Python version is below 3.11, please upgrade before continuing. Visit python.org for installation instructions.

Verify pip is available

Check that pip (Python package installer) is installed:

python3 -m pip --version

Expected output:

pip 24.x from /path/to/pip (python 3.13)

Installation Process

Clone the repository

Clone the Auth Security Demo source code:

git clone https://github.com/your-repo/auth-security-demo.git
cd auth-security-demo

Set up the vulnerable application

Install dependencies for the vulnerable version:

cd vulnerable
python3 -m pip install -r requirements.txt

The vulnerable app requires these packages:

Flask 3.0.0 - Web framework
python-dotenv 1.0.0 - Environment variable management
gunicorn 21.2.0 - WSGI HTTP server

Initialize the vulnerable database

Create and populate the database:

python3 database.py

Expected output:

✓ Base de datos vulnerable configurada (SQLite)

This creates users.db with two test accounts:

admin / admin123 (admin role)
usuario / password123 (user role)

Set up the secure application

Navigate to the secure directory and install dependencies:

cd ../secure
python3 -m pip install -r requirements.txt

The secure app requires additional security packages:

Flask 3.0.0 - Web framework
Werkzeug 3.0.0 - Password hashing utilities
Flask-WTF 1.2.1 - CSRF protection
python-dotenv 1.0.0 - Environment configuration
gunicorn 21.2.0 - Production server

Configure environment variables

Create a .env file in the secure directory:

echo "SECRET_KEY=$(python3 -c 'import secrets; print(secrets.token_hex(32)')" > .env

Never commit .env files to version control. They contain sensitive configuration data.

Initialize the secure database

Set up the secure database with hashed passwords:

python3 database.py

Expected output:

✓ Base de datos segura configurada (SQLite)

Verify Installation

Quick Test
Database Check
Port Availability

Test that both applications can start:

# Test vulnerable app
cd vulnerable
python3 -c "import flask; print('✓ Flask installed')"

# Test secure app
cd ../secure
python3 -c "import flask, flask_wtf; print('✓ All packages installed')"

Verify the databases were created:

# Check vulnerable database
ls -lh vulnerable/users.db

# Check secure database
ls -lh secure/users.db

Both files should exist and be several KB in size.

Ensure the required ports are available:

# Check if port 5000 is available (vulnerable app)
nc -zv localhost 5000 || echo "✓ Port 5000 available"

# Check if port 5001 is available (secure app)
nc -zv localhost 5001 || echo "✓ Port 5001 available"

Project Structure

After installation, your directory structure should look like this:

auth-security-demo/
├── vulnerable/
│   ├── app.py              # Vulnerable Flask application
│   ├── database.py         # Database setup (plain text passwords)
│   ├── requirements.txt    # Python dependencies
│   ├── users.db           # SQLite database
│   ├── templates/         # HTML templates
│   └── static/            # CSS, JS files
├── secure/
│   ├── app.py             # Secure Flask application
│   ├── database.py        # Database setup (hashed passwords)
│   ├── requirements.txt   # Python dependencies with security libs
│   ├── .env              # Environment variables (SECRET_KEY)
│   ├── users.db          # SQLite database
│   ├── templates/        # HTML templates
│   └── static/           # CSS, JS files
└── render.yaml           # Deployment configuration

Dependency Reference

Flask==3.0.0
python-dotenv==1.0.0
gunicorn==21.2.0

Troubleshooting Installation

pip install fails with permissions error

Use the --user flag to install packages without root access:

python3 -m pip install --user -r requirements.txt

Or use a virtual environment (recommended):

python3 -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate
pip install -r requirements.txt

Python version too old

If you have Python 3.10 or older, install Python 3.13:Ubuntu/Debian:

sudo apt update
sudo apt install python3.13 python3.13-venv python3-pip

macOS (Homebrew):

brew install [email protected]

Windows: Download from python.org

Database creation fails

Ensure you have write permissions in the directory:

# Check permissions
ls -ld vulnerable/ secure/

# If needed, fix permissions
chmod 755 vulnerable secure

Delete existing databases and recreate:

rm vulnerable/users.db secure/users.db
cd vulnerable && python3 database.py
cd ../secure && python3 database.py

Package conflicts or version errors

Create a clean virtual environment:

python3 -m venv clean-env
source clean-env/bin/activate
pip install --upgrade pip
pip install -r requirements.txt

Get Started

Vulnerabilities

Security Best Practices

Lab Setup

Prerequisites

Verify Python Installation

Installation Process

Verify Installation

Project Structure

Dependency Reference

Troubleshooting Installation

Next Steps

Running the Demos

Testing Vulnerabilities

Build docs developers (and LLMs) love

Get Started

Vulnerabilities

Security Best Practices

Lab Setup

​Prerequisites

​Verify Python Installation

​Installation Process

​Verify Installation

​Project Structure

​Dependency Reference

​Troubleshooting Installation

​Next Steps

Running the Demos

Testing Vulnerabilities

Build docs developers (and LLMs) love

Prerequisites

Verify Python Installation

Installation Process

Verify Installation

Project Structure

Dependency Reference

Troubleshooting Installation

Next Steps