We assessed commit #abcd134
Describe some stuff.
Recommend some stuff.
Describe some stuff.
Recommend some stuff.
- What does it do? (business purpose)
- Who does it do this for? (internal / external customer base)
- What kind of information will it hold?
- What are the different types of roles?
- What aspects concern your client/customer/staff the most?
- Framework & Language - Rails/Ruby, Django/Python, mux/Golang
- 3rd party components, examples:
  - Building libraries (rubygem, npm, jar, etc.)
  - JavaScript widgets (marketing tracking, sales chat widget)
  - Reliant upon other applications, such as receiving webhook events
- Datastore - Postgresql, MySQL, Memcache, Redis, Mongodb, etc.
- Here is what the feature or product is supposed to do... what might go wrong?
- Okay - based on the tech stack, I've realized that the:
  - ORM does SQLi in this way
  - Template language introduces XSS in this way
- Look for instances of `| safe` in the template/views
- Look for OS commands
- Look at the ORM for instances of `createNativeQuery()`
- Developer expected x, but I think we should try to see if y is possible
- Login page gives error messages, check for enumeration
- Signup page allows for freeform passwords, does it implement proper password complexity?
- Uses @login_required decorator, is it applied on all endpoints appropriately?
- Logging configuration is in `settings.py`, check documentation for secure settings
- ORM `where` function allows for string concatenation, search for all instances
- References to base64 when handling passwords, is this bad?
- Code is ruby/rails, make sure to run brakeman before closing out
- GET /lulz LulzController.java
- POST /admin/rofl AdminRoflController.java
- ensure_logged_in
- /path/to/some/important/file.sh
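Several of the notes above are "search for all instances" tasks: the `| safe` filter in templates, `createNativeQuery()` built by concatenation, the ORM `where` function called with string interpolation, and `@login_required` missing from a view. The script below is an added example (not part of this checklist and not any project's tooling) showing how a reviewer can turn those notes into a repeatable scan. The rules, file names and source snippets are constructed for illustration; the patterns are deliberately loose, since the goal is to produce a list of lines to read by hand, not to replace brakeman or a real SAST tool. It also distinguishes the safe forms (`where("name = ?", ...)`, `setParameter(...)`) from the ones that need review.

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:
    path: str
    line: int
    rule: str
    text: str


# (regex, rule id, file suffixes the rule applies to). Hypothetical rule ids.
RULES = [
    # Django/Jinja output marked |safe bypasses auto-escaping: review for XSS
    (re.compile(r"\|\s*safe\b"), "template-safe-filter", (".html", ".txt")),
    # Rails ActiveRecord where() with "#{...}" interpolation: review for SQLi
    (re.compile(r"\.where\(\s*[\"'][^)]*#\{"), "rails-where-interpolation", (".rb",)),
    # JPA createNativeQuery() whose argument is built with '+': review for SQLi
    (re.compile(r"createNativeQuery\(\s*[^)]*\+"), "jpa-native-query-concat", (".java",)),
]


def scan_source(path, source):
    """Apply every rule whose suffix matches `path` to each line of `source`."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for pattern, rule, suffixes in RULES:
            if path.endswith(suffixes) and pattern.search(line):
                findings.append(Finding(path, lineno, rule, line.strip()))
    return findings


def scan_tree(files):
    """files: mapping of path -> source text (in a real run, read from disk)."""
    out = []
    for path, src in files.items():
        out.extend(scan_source(path, src))
    return out


# Django view functions are "def name(request, ...)" at column 0.
DEF_RE = re.compile(r"^def\s+(\w+)\s*\(\s*request\b")


def views_missing_login_required(source):
    """Return names of view functions not preceded by an @login_required decorator."""
    missing = []
    lines = source.splitlines()
    for i, line in enumerate(lines):
        m = DEF_RE.match(line)
        if not m:
            continue
        decorated = False
        j = i - 1
        while j >= 0 and lines[j].startswith("@"):  # walk up the decorator stack
            if lines[j].startswith("@login_required"):
                decorated = True
            j -= 1
        if not decorated:
            missing.append(m.group(1))
    return missing


# Constructed sample files: one flagged line and one acceptable line per language.
SAMPLE_FILES = {
    "app/templates/profile.html": (
        "<p>{{ user.bio|safe }}</p>\n"          # flagged
        "<p>{{ user.name }}</p>\n"              # auto-escaped, fine
    ),
    "app/models/user.rb": (
        "User.where(\"name = '#{params[:name]}'\")\n"   # flagged
        "User.where(\"name = ?\", params[:name])\n"      # parameterised, fine
    ),
    "src/Repo.java": (
        "em.createNativeQuery(\"select * from t where id = \" + id);\n"                   # flagged
        "em.createNativeQuery(\"select * from t where id = :id\").setParameter(\"id\", id);\n"  # bound, fine
    ),
}

SAMPLE_VIEWS = (
    "@login_required\n"
    "def dashboard(request):\n"
    "    ...\n"
    "def export_report(request):\n"
    "    ...\n"
    "def health(request):\n"
    "    ...\n"
)

if __name__ == "__main__":
    for f in scan_tree(SAMPLE_FILES):
        print(f"{f.path}:{f.line} [{f.rule}] {f.text}")
    print("views without @login_required:", views_missing_login_required(SAMPLE_VIEWS))
```

Each hit is a line to read, not a finding by itself: a public health-check view legitimately lacks `@login_required`, and `| safe` is correct when the value was sanitised upstream. Record the decision per hit so the next review can diff against it.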