Project Showcase: Secure Stock Trading Simulator

Gage Morrow

As a programmer and ethical hacker, I've always been fascinated by the intersection of development and security. My latest project, the Stock-Trading-Simulator, is a full-stack web application that explores both of these worlds. It's a simulated banking and stock trading platform designed not only to be functional but also to be robust and secure.

This project was a fantastic opportunity to build a complex system from the ground up while prioritizing the security enhancements that are crucial for any real-world application.

The simulator provides a comprehensive environment for users to learn about and engage in simulated finance.

* Secure User Management: The platform features secure user registration and login, including robust password hashing with Flask-Bcrypt and a secure "Forgot Password" function.

* Banking Dashboard: Users can manage their finances with ease, including depositing and withdrawing funds, transferring money to other users (peer-to-peer transfers), and viewing a detailed transaction history.

* Fee System: A small, transparent fee is applied to all withdrawals and stock trades, with the collected fees stored in a dedicated, secure Global_Exchange account.

* Dynamic Stock Market Simulation: The platform provides a marketplace with simulated stocks for popular companies. Prices are updated automatically every 60 seconds to mimic real-world market fluctuations. Users can buy and sell shares, with a personal portfolio tracking their holdings and calculating profit/loss in real time.

* Modern Interface: The application has a clean, professional, and fully responsive user interface, providing a seamless experience on any device.
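To make the fee system and transaction history concrete, here is an added example of how a withdrawal with a fee can be recorded atomically; it is illustrative code written for this post, not code from the Stock-Trading-Simulator repository. It assumes balances are kept as integer cents, a flat fee of 0.5% rounded up to at least one cent, and a `Global_Exchange` row in the same `accounts` table that collects fees; the account names, the fee rate and the in-memory SQLite schema are all constructed for the example.

```python
"""Added example: an atomic, fee-charging withdrawal on a SQLite ledger.

Assumptions (not taken from the post): integer-cent balances, a 0.5% fee
rounded up to a minimum of one cent, and a 'Global_Exchange' account row
that receives every fee. The accounts and amounts below are constructed.
"""
import sqlite3
from math import ceil

FEE_BPS = 50                      # fee rate in basis points (0.50%), constructed
FEE_ACCOUNT = "Global_Exchange"   # account that collects fees


def fee_for(amount_cents: int) -> int:
    """Fee in cents, rounded up so even tiny withdrawals pay at least one cent."""
    return max(1, ceil(amount_cents * FEE_BPS / 10_000))


def open_ledger() -> sqlite3.Connection:
    """Create an in-memory ledger seeded with constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts ("
        " name TEXT PRIMARY KEY,"
        " balance INTEGER NOT NULL CHECK (balance >= 0))"  # DB-level floor on balances
    )
    conn.execute(
        "CREATE TABLE transactions ("
        " id INTEGER PRIMARY KEY, account TEXT, kind TEXT, amount INTEGER)"
    )
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", 10_000), ("bob", 500), (FEE_ACCOUNT, 0)],
    )
    conn.commit()
    return conn


def balance(conn: sqlite3.Connection, name: str) -> int:
    row = conn.execute("SELECT balance FROM accounts WHERE name = ?", (name,)).fetchone()
    return row[0] if row else 0


def withdraw(conn: sqlite3.Connection, user: str, amount_cents: int) -> bool:
    """Debit amount + fee from the user and credit the fee to Global_Exchange.

    All four statements run in one transaction: if the balance check fails
    (or anything else raises) nothing is written, so the fee account can never
    be credited for a withdrawal that did not happen.
    """
    try:
        if amount_cents <= 0:
            raise ValueError("amount must be positive")
        fee = fee_for(amount_cents)
        total = amount_cents + fee
        with conn:  # commits on success, rolls back on exception
            # The balance check lives in the UPDATE itself, so two concurrent
            # withdrawals cannot both pass a separate read-then-write check.
            cur = conn.execute(
                "UPDATE accounts SET balance = balance - ? "
                "WHERE name = ? AND balance >= ?",
                (total, user, total),
            )
            if cur.rowcount != 1:
                raise ValueError("insufficient funds or unknown account")
            conn.execute(
                "UPDATE accounts SET balance = balance + ? WHERE name = ?",
                (fee, FEE_ACCOUNT),
            )
            conn.execute(
                "INSERT INTO transactions (account, kind, amount) VALUES (?, ?, ?)",
                (user, "withdraw", amount_cents),
            )
            conn.execute(
                "INSERT INTO transactions (account, kind, amount) VALUES (?, ?, ?)",
                (FEE_ACCOUNT, "fee", fee),
            )
    except ValueError:
        return False  # the `with conn` block has already rolled back
    return True


if __name__ == "__main__":
    ledger = open_ledger()
    print(withdraw(ledger, "alice", 1000), balance(ledger, "alice"), balance(ledger, FEE_ACCOUNT))
    print(withdraw(ledger, "bob", 499), balance(ledger, "bob"))
```

The point of the example is that the balance check, the debit, the fee credit and both history rows succeed or fail together; a separate "read balance, then write" sequence would let two overlapping withdrawals overdraw an account, and a fee credited outside the transaction could survive a failed withdrawal.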

This project underwent significant security hardening, transforming it from a simple application into a robust platform ready for deployment. My goal was to think like an attacker to fortify its defenses.

* Strong Password Hashing: I upgraded from a basic hashing algorithm to Flask-Bcrypt, an industry-standard solution that gives every password its own unique salt and uses a deliberately slow hash, protecting stored passwords against rainbow table and brute-force attacks.

* CSRF Protection: I implemented Flask-WTF with CSRFProtect to prevent cross-site request forgery attacks, ensuring that every state-changing request carries a token that only pages served by the application itself can supply.

* Secure Password Reset Links: The password reset functionality was modified to ensure sensitive tokens are never exposed in the user's browser, instead being handled securely on the server side.

* Secure Database Location: The SQLite database file has been moved to a non-web-accessible directory, preventing direct public access to sensitive user data.
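The following added example sketches three of the hardening steps above in standard-library Python so it runs without Flask; it is written for this post and is not the project's code. Because Flask-Bcrypt and Flask-WTF are not available offline, `hashlib.scrypt` stands in for bcrypt (both give each password a random salt and make hashing deliberately slow), a plain dict stands in for the Flask session, and another dict stands in for the password-reset table; the function names, the 15-minute reset lifetime and the cost parameters are assumptions.

```python
"""Added example: salted slow password hashing, a session-bound CSRF token,
and a password-reset token whose raw value is never stored server-side.

Stand-ins (assumptions, not the project's choices): hashlib.scrypt for bcrypt,
a dict for the Flask session, a dict for the reset-token table.
"""
import hashlib
import hmac
import secrets
from typing import Optional

# --- 1. Password hashing: unique salt per password + slow KDF -------------------
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1)  # cost settings chosen for the example


def hash_password(password: str) -> str:
    """Return 'salt$hash'. A fresh salt means two equal passwords hash differently,
    so a precomputed (rainbow) table cannot be reused across users."""
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex), **SCRYPT_PARAMS)
    return hmac.compare_digest(digest.hex(), digest_hex)


# --- 2. CSRF: a per-session token that forms must echo back -----------------------
def issue_csrf_token(session: dict) -> str:
    """Create (or reuse) the session's token; templates embed it in every form."""
    if "_csrf" not in session:
        session["_csrf"] = secrets.token_urlsafe(32)
    return session["_csrf"]


def csrf_valid(session: dict, submitted: Optional[str]) -> bool:
    """Reject a POST whose token is missing or differs from the session's.
    A page on another origin cannot read this session's token, so it cannot
    forge a request that passes this check."""
    expected = session.get("_csrf")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


# --- 3. Password reset: the server keeps only a hash of the one-time token -------
RESET_TTL = 15 * 60  # seconds a reset link stays valid (assumed)


def create_reset_token(store: dict, user_id: int, now: float) -> str:
    """Return the raw token for the e-mail link; persist only its SHA-256 and expiry.
    A leaked copy of the table then yields nothing usable."""
    raw = secrets.token_urlsafe(32)
    store[hashlib.sha256(raw.encode()).hexdigest()] = (user_id, now + RESET_TTL)
    return raw


def redeem_reset_token(store: dict, raw: str, now: float) -> Optional[int]:
    """Return the user id if the token is known, unexpired and unused, else None."""
    key = hashlib.sha256(raw.encode()).hexdigest()
    entry = store.pop(key, None)  # single use: removed whether or not it is valid
    if entry is None:
        return None
    user_id, expires = entry
    return user_id if now <= expires else None


if __name__ == "__main__":
    stored = hash_password("correct horse")
    print(verify_password("correct horse", stored), verify_password("wrong", stored))
    session = {}
    token = issue_csrf_token(session)
    print(csrf_valid(session, token), csrf_valid(session, None))
    table = {}
    link_token = create_reset_token(table, user_id=7, now=0.0)
    print(redeem_reset_token(table, link_token, now=60.0), redeem_reset_token(table, link_token, now=60.0))
```

Two details are worth noting. The reset token is looked up by its hash rather than compared directly: the raw value is high-entropy and the hash is what sits in the table, so an attacker who obtains the table still has no link to click. And the token is popped on first use regardless of outcome, which makes an expired or already-used link fail closed instead of staying redeemable.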

This project was built using a modern and effective tech stack:

* Backend: Python and the Flask web framework, with Flask-SQLAlchemy for database interactions and APScheduler for the automated stock price updates.

* Frontend: Standard HTML, CSS, and JavaScript for a clean, responsive, and dynamic user experience.

* Database: A lightweight SQLite database stores all user data, transactions, and stock information.

This project was a fantastic learning experience, combining the challenges of full-stack development with a crucial focus on cybersecurity best practices. I'm excited to share it with the community.

You can view the full code and contribute on my GitHub repository: https://github.com/ghostface-security/Stock-Trading-Simulator

Feel free to check it out, run it locally, and let me know your thoughts in the comments!


Written by Gage Morrow

Hello, I'm Gage Morrow, an ethical hacker and developer. My work is dedicated to understanding and fortifying digital defenses by thinking like an attacker. With over a decade of hands-on experience in computer systems, I specialize in penetration testing and software development. Through my blog, I aim to share my technical deep dives and practical projects. You can expect to see content on topics like:

* Building security tools with Python, such as a real-time network monitor with Scapy.

* Exploring software development for security, including my network reconnaissance tool and a stock trading simulator.

* Discussions on cybersecurity, open source projects, and more.