DEV Community: BALLA NAGA V VENKATA SATYA NARASIMHAMURTHY

Netra-security

BALLA NAGA V VENKATA SATYA NARASIMHAMURTHY — Sun, 14 Jun 2026 13:49:18 +0000

🔱 Building Netra Security: Creating a Python-Based Static Application Security Testing (SAST) Tool

As a cybersecurity student, I've always been curious about how tools like SonarQube, Semgrep, and other Static Application Security Testing (SAST) platforms identify vulnerabilities before software reaches production.

Instead of just learning how to use these tools, I wanted to understand how they work internally. That curiosity led me to build Netra Security, a lightweight SAST platform developed using Python.

In this article, I'll share the motivation behind the project, how it works, and what I learned while building it.

What is Netra Security?

Netra Security is a Python-based static code analysis tool designed to identify common security vulnerabilities directly from source code.

The name Netra is inspired by the concept of the "third eye," representing the ability to detect hidden security issues before they become exploitable vulnerabilities.

The goal was not to create a replacement for enterprise security scanners but to learn the fundamentals of:

Static code analysis
Secure coding practices
Vulnerability detection
Abstract Syntax Tree (AST) analysis
Security tooling development

The Problem

Many security vulnerabilities are introduced during development.

Common examples include:

os.system(user_input)

eval(user_input)

exec(user_input)

pickle.loads(user_data)

subprocess.run(user_input, shell=True)

These patterns can lead to:

Command Injection
Code Injection
Arbitrary Code Execution
Insecure Deserialization

The idea behind Netra Security is simple:

Detect insecure coding patterns before they become security incidents.

Version 1: Rule-Based Detection

The first version of Netra Security relied on string matching and regular expressions.

Example rule:

{
    "id": "NETRA-001",
    "pattern": "os.system(",
    "issue": "Command Injection",
    "severity": "CRITICAL"
}

The scanner reads source code line by line and checks whether dangerous patterns appear.

This approach was easy to implement and worked surprisingly well for basic detection.

However, it had a major problem.

False Positives

Consider:

message = "Never use eval() in production"

A simple string scanner would incorrectly flag this as a vulnerability even though it is only text.

This limitation motivated the next step.

Introducing AST Analysis

Python provides a built-in module called ast (Abstract Syntax Tree).

AST converts source code into a tree structure that represents the actual logic of the program.

For example:

os.system(user)

becomes a function call node.

Instead of searching for text, we can inspect the code structure itself.

Example:

for node in ast.walk(tree):

    if isinstance(node, ast.Call):

        if isinstance(node.func, ast.Attribute):

            if node.func.attr == "system":

                print("Command Injection Risk")

This significantly reduces false positives and provides more reliable results.

Vulnerabilities Currently Detected

Netra Security currently detects:

ID	Vulnerability	Severity
NETRA-001	Command Injection	Critical
NETRA-002	Code Injection	Critical
NETRA-003	Hardcoded Password	High
NETRA-004	Hardcoded API Key	High
NETRA-005	Arbitrary Code Execution	Critical
NETRA-006	Insecure Deserialization	High
NETRA-007	Dangerous Subprocess Usage	High

Each finding includes:

Rule ID
Severity
Line Number
Vulnerable Code
Remediation Recommendation

Sample Output

=== NETRA SECURITY REPORT ===

Total Findings: 5

ID       : NETRA-001
Severity : CRITICAL
Issue    : Command Injection
Line     : 13
Code     : os.system(user)

Fix      : Use subprocess.run(..., shell=False)

Lessons Learned

Building Netra Security taught me several important concepts:

Static Analysis Is More Complex Than It Looks

Initially, I assumed security scanning was mostly pattern matching.

In reality, reducing false positives is one of the hardest challenges.

AST Is Extremely Powerful

AST enables analysis based on code behavior rather than raw text.

This is how many professional security tools achieve better accuracy.

Security and Development Are Closely Connected

Developers who understand security can prevent many vulnerabilities before they reach production.

Future Improvements

The project is still evolving.

Planned features include:

Additional OWASP Top 10 checks
Multi-file project scanning
Folder-level analysis
Web-based dashboard using Flask
JSON and CSV report exports
Risk scoring engine
CI/CD integration
GitHub repository scanning

Final Thoughts

Building Netra Security gave me a much deeper understanding of how static analysis tools work and how vulnerabilities can be detected before software is deployed.

The project started as a simple pattern-matching scanner and gradually evolved into an AST-powered security analysis engine.

There is still a long way to go, but that's what makes cybersecurity and software engineering exciting—there is always something new to learn and improve.

If you're learning Python, cybersecurity, or application security, I highly recommend building your own security tools. You'll learn far more than simply using existing ones.

Thanks for reading!

GitHub Repository:
Netra-security

python #cybersecurity #appsec #security #sast #flask #beginners #opensource

Phishgaurd

BALLA NAGA V VENKATA SATYA NARASIMHAMURTHY — Sun, 07 Jun 2026 11:00:00 +0000

PhishGaurd

Phishing Awareness Training Platform

An interactive cybersecurity awareness website that teaches users how to identify, avoid, and report phishing attacks through real-world simulations, interactive exercises, quizzes, and verifiable certificates. :contentReference[oaicite:0]{index=0}

🌟 Features

📧 Interactive Phishing Demo

Analyze realistic phishing emails
Identify suspicious links, fake domains, urgency tactics, and spoofed senders
Interactive red-flag detection system with explanations for each warning sign :contentReference[oaicite:1]{index=1}

🕵️ Real-World Attack Examples

Banking phishing scams
IT help desk credential theft
Package delivery scams
Fake job offers
Business Email Compromise (BEC) scenarios

🛡️ Security Best Practices

Enable Multi-Factor Authentication (MFA)
Verify sender addresses
Hover before clicking links
Verify requests through separate channels
Use password managers
Report suspicious emails
Keep software updated
Think before acting

🧠 Knowledge Assessment

Interactive phishing awareness quiz
Immediate feedback for every question
Educational explanations for correct and incorrect answers
Start button-controlled timer
Score tracking system :contentReference[oaicite:4]{index=4}

🏆 Professional Certificate System

Certificate of Completion
Unique Certificate ID
PDF Download
Professional corporate design
QR Code verification
Issue date tracking
Signature and organization seal areas

🔍 Certificate Verification

Verify certificates using Certificate ID
QR-code based verification
Validation status display
Verification URL support
Local certificate records storage :contentReference[oaicite:6]{index=6}

🎯 Learning Objectives

After completing this training, users will be able to:

Recognize phishing emails and malicious websites
Identify social engineering tactics
Detect spoofed domains and fraudulent links
Protect sensitive information online
Apply cybersecurity best practices
Respond appropriately to phishing attempts

🛠️ Built With

HTML5
CSS3
JavaScript (Vanilla JS)
Canvas API
LocalStorage API
html2canvas
jsPDF
QR Code Generator

📚 Training Modules

1. Interactive Demo

Learn how attackers manipulate users through realistic phishing emails.

2. Attack Examples

Explore common phishing campaigns and understand their warning signs.

3. Defense Strategies

Master practical techniques for staying secure online.

4. Awareness Quiz

Test your knowledge with scenario-based cybersecurity questions.

5. Certification

Generate a professional completion certificate after successfully completing the training.

🏅 Certificate Features

Each certificate includes:

Participant Name
Certificate ID
Date of Issue
Verification URL
QR Verification Code
Authorized Signatures
Organization Seal
Completion Statement

🔐 Verification System

Certificates can be verified by:

Entering the Certificate ID.
Using the Verify Certificate page.
Scanning the QR code.
Opening the verification URL.

The system confirms certificate authenticity and displays holder information. :contentReference[oaicite:8]{index=8}

🚀 Getting Started

Clone the Repository

git clone https://github.com/NARASIMHAMURTHY4616/PhishGuard.git

Open the Project

cd PhishGuard

Open:

index.html

in your browser.

No installation required.

📱 Responsive Design

Desktop
Laptop
Tablet
Mobile Devices

🎓 Educational Purpose

This project was developed to promote cybersecurity awareness and educate users about phishing attacks, social engineering techniques, and safe online practices.

📸 Screenshots

inprocess

Homepage -
Interactive Email Demo
Attack Examples
Quiz Interface
Certificate Generation
Certificate Verification

🤝 Contributing

Contributions are welcome.

Fork the repository
Create a feature branch
Commit your changes
Submit a Pull Request

📜 License

This project is intended for educational and cybersecurity awareness purposes.

👨‍💻 Author

narasimha balla -A cyber secutiry student
github
Developed as a cybersecurity awareness and phishing prevention training project.

Building Cinemind-AI 🎬 | My First AI Movie Chatbot with Flask, Gemini & MongoDB

BALLA NAGA V VENKATA SATYA NARASIMHAMURTHY — Sun, 19 Apr 2026 05:05:32 +0000

🎬 Cinemind-AI

I recently built my own AI chatbot called Cinemind-AI — a movie-focused assistant that answers questions about films, actors, and directors.

This project helped me understand how real AI applications work behind the scenes.

🚀 What is Cinemind-AI?

Cinemind-AI is a movie-only chatbot that:

Answers questions about movies 🎥
Stores chat history 📂
Works like ChatGPT 💬
Uses AI for intelligent responses 🧠

🏗️ Architecture

Here’s how the system works:

Frontend (HTML + JavaScript)
        ↓
Backend (Flask API)
        ↓
AI Model (Google Gemini)
        ↓
Database (MongoDB)

⚙️ Technologies Used

Python 🐍
Flask 🌐
Google Gemini API 🤖
MongoDB 🗄️
HTML, CSS, JavaScript 💻

🔥 Key Features

💬 ChatGPT-like Interface

Users can chat naturally like they do with AI assistants.

🎥 Movie Domain Restriction

The chatbot only answers movie-related questions.

If a user asks something else:

⚠ Please ask only movie related questions.

📂 Chat History

All chats are stored in MongoDB and can be reopened later.

🧠 AI-Powered Responses

Using Gemini API, the chatbot generates smart answers.

🧩 How It Works

1. User Sends Message

polisodu telugu movie

2. Flask Backend Receives It

data = request.get_json()
message = data["message"]

3. Domain Filter Applied

if "movie" not in message:
    return "Only movie questions allowed"

4. AI Generates Response

response = model.generate_content(message)

5. Stored in MongoDB

{
 "role": "user",
 "message": "polisodu telugu movie"
}

🧪 Challenges I Faced

API rate limits (Gemini quota hit 💀)
JSON parsing errors in frontend
Handling Markdown formatting in responses
Managing chat sessions correctly

💡 What I Learned

How frontend talks to backend (fetch API)
How Flask APIs work
How AI models are integrated
How databases store chat data
Real-world debugging skills 😄

🚀 Future Improvements

Streaming AI responses (typing effect)
Chat titles like ChatGPT
Movie posters integration
Better UI design

🎯 Final Thoughts

Building Cinemind-AI made me realize how modern AI apps are structured.

This is not just a chatbot — it's a full-stack AI project.

👨‍💻 About Me

I'm Nagu, a Cyber Security Engineering student exploring AI + Web Development 🚀

GITHUB REPO .

⭐ If You Like This

Give your feedback or suggestions!

And if you're building something similar, let’s connect 🔥

ros turtlesim for beginners

BALLA NAGA V VENKATA SATYA NARASIMHAMURTHY — Wed, 31 Dec 2025 05:57:50 +0000

ros2 turtlesim
the humble turtlesim is a beginer level simulation tool

Hey everyone 👋 I’m Nagu, and this is my first blog post on the DEV Community!
In this post, we’ll explore Turtlesim, a fun and simple simulator in ROS 2 (Robot Operating System 2) — perfect for beginners who want to start learning robotics and ROS commands.

🚀 What is ROS 2 Humble?

ROS 2 Humble Hawksbill is a popular Long-Term Support (LTS) version of ROS 2.
It’s widely used for building and simulating robots — from simple mobile bots to advanced AI-driven systems.

🐢 What is Turtlesim?

Turtlesim is a lightweight simulator that shows a small turtle in a 2D world.
It’s often the first step to understanding ROS concepts such as:

Nodes 🧩 (independent programs)

Topics 🗣️ (communication channels)

Services ⚙️ (request/response system)

Parameters ⚡ (settings and configurations)

⚙️ Step 1: Install ROS 2 Humble

If you haven’t installed ROS 2 yet, open your terminal and run:

sudo apt update && sudo apt upgrade -y
sudo apt install ros-humble-desktop
Then source it:
source
/opt/ros/humble/setup.bash
(Tip: Add this line to your .bashrc so it auto-loads every time you open a terminal)

🧩 Step 2: Install Turtlesim

sudo apt install ros-humble-turtlesim
Check if it’s installed:

ros2 pkg list | grep turtlesim
note :sometimes ros2 command not found in terminal
in that case it better to switch to root terminal by the below command

sudo su
🖥️ Step 3: Run Turtlesim

Launch the turtlesim window:

ros2 run turtlesim turtlesim_node
A blue window will appear with a turtle in the center 🐢💙

🎮 Step 4: Control the Turtle

Open another terminal and run:

ros2 run turtlesim turtle_teleop_key
after clicks of some keys
⬆️➡️⬇️⬅️

Now use your arrow keys to move the turtle around.
Congrats — you just published your first commands in ROS 2!

🧠 Step 5: Explore Basic Commands

List all active topics:

ros2 topic list

See messages being published: while you are controling the turtle by arrow keys

ros2 topic echo /turtle1/cmd_vel

linear:
x: 0.0
y: 0.0
z: 0.0
angular:
x: 0.0
y: 0.0

z: -2.0

linear:
x: 0.0
y: 0.0
z: 0.0
angular:
x: 0.0
y: 0.0

z: 2.0

WHEN YOU TOUCH THE EDGE OF THE WINDOW it publish to the

turtlesim_node
terminal
[WARN] [1761550426.649414936] [turtlesim]: Oh no! I hit the wall! (Clamping from [x=11.120421, y=4.634281])

Clear the screen:

ros2 service call /clear std_srvs/srv/Empty
Change the background color:

ros2 param set /turtlesim background_r 200
ros2 param set /turtlesim background_g 100
ros2 param set /turtlesim background_b 150
ros2 service call /clear std_srvs/srv/Empty
💡 What You Learned

✅ How to install and run ROS 2 Humble
✅ How to launch and control Turtlesim
✅ How to explore topics, services, and parameters
the official website for ros

This is just the beginning of your ROS 2 journey — next, we’ll write a Python node to move the turtle automatically!

✍️ Final Words

Thanks for reading!
If you enjoyed this post or found it helpful, leave a ❤️ and follow me for more tutorials on ROS 2, Ubuntu, and Ethical Hacking.
and since it is my first ever blog please support me for more info

“Don’t prove, just improve.” — Nagu

Would you like me to write your next post script — the one about controlling Turtlesim using Python code
see you soon guys