Versions Compared

Old Version 3

changes.mady.by.user Pushpendra Kumar b20 122

Saved on

compared with

New Version Current

changes.mady.by.user Nkep Kerlyn

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • What did you accomplish this past week?

    • Got done with MVVM migration of 1. Login Activity, and 2. Update Password fragment.

    • Crafted and committed unit tests for the viewModels and Repositories of the aboveStarted Migration of Accounts Fragment to MVVM

    • Started Research on hosting RC server to integrate in-app chat feature in Mifos Mobile.

    • Initially started setting up RC server on my local linux machine using Snap. Later felt that this requires a lot of redundant backend work.

    • Found a way to host RC server remotely.

    • Created a research document on RC integration → Rocket Chat Integration Research Doc

    • Researched an implemented interaction with RC server using Web Sockets.

    • Created a primitive version for the in-app feature that interacts with the RC server in real time using Web Sockets.

  • What will you do this upcoming week?

    • Picked Savings features and Accounts Feature for migration work.

    • Editing existing PRs based on Mentor suggestionsBuilding on the primitive version, will refine designs, and implement clean UX.

    • Finish migrating Accounts Fragment to MVVM.

  • What obstacles are impeding your progress?

    • None

  • Would you like help from some mentor for this task? 

    • No, thanks.

Meghna Bajoria

  • What did you accomplish this past week?

  • What will you do this upcoming week?

  • What obstacles are impeding your progress?

  • Would you like help from some mentor for this task? 

...

  • What did you accomplish this past week?

  • API Pentesting: Extracted all API URL's with different parameters and tested them with different user permissions using automate IDOR workflow built in trickest (also wrote a blog for the same).

  • Tested API's for SQL Injection: Found 5 error-based SQL Injection vulnerability in client, loans, dataTable API's.

  • I got help and guide from mentor to test web-app dependencies for vulnerabilities and to check their licenses if they are using GPL/APGL.

  • Found open directories leaking all plugins, log files.

    • Created a draft PR in fineract to mitigate a log injection vulnerability

    • I was analyzing web-app codebase potential security issues and tried to escalate bugs from there.

    • Analyzed CVE’s for the open software versions I found.

    • Tested some self service-API’s.

  • What will you do this upcoming week?

    • Continue with API Pentesting and create some more PR's in fineractI will utilize the power of nuclei templates and try to escalate the found vulnerabilities to have a greater impact.

  • What obstacles are impeding your progress?

    • None

  • Would you like help from some mentor for this task? 

    • Not right now

...

  • What did you accomplish this past week?

    • Continue manual API testing.

      • Tested for ssrf. Tried out new payloads. Also read a lot of related documentation on medium.

      • Tested for file upload endpoints (bulk import endpoints, client image upload endpoint)

  • What will you do this upcoming week?

    • Learn how to use and set up Pynt on my test environment.

    • Perform automated API tests using Pynt tool,

  • What obstacles are impeding your progress?

    • none

  • Would you like help from some mentor for this task? 

    • Not at the moment.

Elijah Okello

  • What did you accomplish this past week?

  • What will you do this upcoming week?

  • What obstacles are impeding your progress?

  • Would you like help from some mentor for this task? 

...