Working on capstone report.
Was on overseas leave from Monday ~ Wednesday. Did a follow up on #NpaxB. It's a mobile iOS application follow up, made use of Needle framework.
Working on capstone report
Continue working on #6Q0T6 as this time I'm testing on the iOS app instead of android/web. There's a steep learning curve but it was manageable.
This week was spent testing the secure production options for the application. Strapi.io framework has a way to toggle on and off security options such as CSRF, P3P, HSTS, XFRAME, etc. Toggled
Worked on #6Q0T6. It's a follow up from a project from before. To check if they have fixed the found vulnerabilities. The most critical one was fixed but there were still little holes
This week was spent testing out how to implement a custom API endpoint for Strapi.io. Managed to get the API to respond with custom messages, but still in the process of understanding
Worked on #1UUjG. Similar system to another project, hence many vulnerabilities overlapped.
Worked on #t/7yH. Many interesting vulnerabilities related to improper user access control.
This week is spent researching on writing custom API endpoints for the Strapi.io framework. Reason for this research is so that I am able to trigger off a series of actions when
Worked on #21rBT. Not much to write about
Worked on #CQ3bM this week. Found a ton of high impact vulnerabilities, mostly regarding improper user access control.
This week is spent fixing the bugs that existed in the ReactJS version of the project, some bugs came from the migration to VueJS. Because of the asynchronous nature of the application, there
Worked on #55Bro this week. Found vulnerabilities such as stored XSS which affects all users, including unauthenticated ones.
This week was spent converting the admin portion of the application from ReactJS to VueJS. Like the trainee portion, most of the view/template code can be reused. But the logic behind needs
Continued working on #D+wPW this week, part 2 and 3. Part 2 is very similar to Part 1. While Part 3 is the game's backend per se. There was nothing of importance
This week was spent converting the trainee portion of the application from ReactJS to VueJS. A good portion of the code for the view/template portion can be reused. But most of the
Worked on #D+wPW, there's 3 parts to this project so worked on Part 1. The web application is a game so the procedure is very different from usual. However, data is still
Did follow up review for a previous project
After a lot of testing and research, I have decided to change the front-end framework to VueJS. https://vuejs.org Reason for changing is because the React Boilerplate framework that I was using
Continue working on #6QT0T6 this week. Also went on site to client's office for #MPmfm. Found a critical vulnerability for #6QT0T6 where the archive for the entire application source code was downloadable. It
NA Very busy with IWSP work this week.