...
What did you accomplish this past week?
Analyzed DAST reports.
Testing for identification failures, credentials
Doing this in her local testing environment.
Testing for Open Access vulnerabilitiesWrap up Phase 1 of the project which involved analyzing the DAST reports (the DAST tools I used were OWASP Zap and Wapiti).
For Phase 2 of the project which involves manual pentesting Mifos X, I began with performing authentication and authorization testing on my test environment.
I discovered two medium vulnerabilities, one related to authentication and another related to authorization.
Had a session with mentor my Mentor and he suggested sharing her documentation onlineI document my work online so he can review them every week. He also gave other tips on the direction in which the project should move towards.
Setup notion and began the documentation of work done till now.
What will you do this upcoming week?
Will share her Complete documentation to on notion and then share the linkData share it with my mentor.
Have a session with the mentor to review the documentation and give pointers on how to better relate the findings to developers.
Perform data validation testing, that is cross-site scripting, SQL injections, command injection, etc.
What obstacles are impeding your progress?
None
Would you like help from a mentor for this task?
Not at the moment
...