This week I worked on a website #fBNRx that feels more completed than the previous website #KFVIz. The previous website was incomplete and the vendor admitted to it so it was awkward to test, not to mention that it feels a little bit meaningless as new features will be added to it once the testing was complete.
Learnt a lot this week as my supervisor emailed me his feedback on my pentest report on #KFVIz. He also sent me the actual report done by another colleague. From then onwards I could use that report as the standard to meet. Up till then we didn't have an actual report to reference to so we weren't sure if we were on the right track.
There was 6 findings on #KFVIz one of which is a publicly accessible SOAP backend, even though I wasn't able to invoke some of the functions due to some form of authentication, it was interesting to see that it was left "exposed".
Even though this is only the 2nd project, I'm starting to notice a trend that companies tend to use outdated libraries/components for their web application. This made me realize that maintenance in the long term is definitely something that requires planning.