Design-Based Research Capstone

Database Defenders Capstone

A Design-Based Research capstone building a multi-layer automated data loss prevention system for Flask/Aurora — protecting against data corruption, enabling fast recovery, and helping operators make confident decisions under pressure.

Database Defenders - Automated Data Loss Prevention System

View Project

In Development

Project Leads Anvay Vahia, Mihir Bapat, Yash Parikh

Database Defenders

Preventing Data Loss Before It Happens

✓ Real-time Docker log analysis with LLM anomaly detection

✓ Automated Aurora snapshot scheduling and retention

✓ GitHub Pages control panel for backup and restore

✓ Pre-migration automatic snapshots and dry-run validation

✓ Comprehensive audit logging for all data-modifying operations

✓ Operator KSA framework for human-in-the-loop safety

Amazon Aurora / RDS AWS Lambda & CloudWatch Flask Python Backend LLM Anomaly Detection GitHub Actions CI/CD React/JS Frontend AWS IAM & S3

About

A multi-layer protection system built on top of Flask and Amazon Aurora to prevent, detect, and recover from data loss incidents. Parses Docker logs in real-time using LLM-based analysis to catch mass password resets, bulk user changes, and suspicious migration executions before they cause harm. Automated Aurora snapshots run on configurable schedules with defined RPO/RTO targets. A static GitHub Pages frontend lets operators trigger on-demand backups, approve migrations, and monitor system health — all without increasing cognitive load or introducing new failure modes.

Impact

Zero data loss incidents after full deployment

< 15 min detection time for anomalous DB operations

100% migration success rate with snapshot-backed rollback

Reduces operator cognitive load through structured dashboards

Teaches operators to trust, supervise, and intervene safely

Learn More

Database Defenders - Spring Security Hardening

View Project

In Development

Project Leads Anvay Vahia, Mihir Bapat, Yash Parikh

Security Fix Plan

Hardening the Spring Split-Brain Auth System

✓ Unified JWT + session auth with consistent logout

✓ ROLE_ prefix normalization across all Spring controllers

✓ Secrets moved out of application.properties to CI env

✓ Secure password reset with expiring single-use tokens

✓ Least-privilege API surface with explicit role policies

✓ S3 presigned URLs and IAM access controls

Spring Boot Security JWT Authentication Thymeleaf Templates PostgreSQL Audit Logs AWS S3 Presigned URLs GitHub Secrets / .env

About

A focused security hardening plan targeting the Spring backend's split-brain auth drift, over-permissive MVC endpoints, and embedded secrets. Unifies JWT cookie and session logout, normalizes all roles to ROLE_ prefix, restricts permitAll routes to a minimal whitelist, replaces the in-memory password reset system with signed short-lived tokens, and moves all credentials to environment secrets. Complementary to the database protection layer — together they form a full-stack security posture.

Impact

Zero unauthorized access incidents after rollout

All roles ROLE_-prefixed in Spring views and controllers

Logout clears both JWT and session on local and prod

All secrets removed from application.properties

100% sensitive endpoints mapped to explicit role policy

Learn More