...

  • What did you accomplish this past week?

    • Created issues and PRs in the Android client and Mifos community app for the vulnerabilities found last week.

    • Tested endpoints for rate limiting issues.

    • Tested for XSS using custom payloads and brute force through Intruder.

    • Analyzed using nuclei and found some low severity issues.

    • Researched CodeQL queries and read writeups.

  • What will you do this upcoming week?

    • Test web app (fineract API) for parameter tampering issues.

    • Test for Cross Site Request Forgery security bugs.

    • Meet with mentor and discuss project progress.

    • Deploy SonarQube and analyze with it. Test the Fineract GitHub repository code to identify vulnerabilities and errors in the code.

  • What obstacles are impeding your progress?

    • None as of now

  • Would you like help from a mentor for this task?

    • No

Kerlyn

  • What did you accomplish this past week?

    • I continued the data validation tests by testing for command injection and all my tests came out negative. So I plan to tackle it with another approach next week when testing for file inclusions.

    • I also did a test for sensitive data exposure and vulnerable components. I noticed the vulnerable TLS versions have been disabled, which is a good thing. However, I noticed a vulnerable component that I am presently trying to exploit.

    • I also performed a clickjacking test which came out positive.

    • I did an API scan/brute force on our Fineract domain and found endpoints. I am still investigating the endpoints which were discovered here.

    • Over the weekend I’ll update my Notion documentation to capture the progress made so far.

  • What will you do this upcoming week?

    • I’ll round up the code review which is still to test for sensitive data exposure.

    • I’ll have a weekly meeting with the mentor to discuss work done in the past week and what is to be done that week.

    • Test for unrestricted upload of files with dangerous types.

    • Test for server-side request forgery.

    • And of course, I’ll keep up the documentation.

  • What obstacles are impeding your progress?

    • None

  • Would you like help from a mentor for this task?

    • Not at the moment

...