Tournament Turn-In Day

Alright goals:

• Guidance on "forking" your project (one version for portfolios and one version for the hackers)
• Project Swap
• Hacking/QC project guidelines
• Personal-Growth Questions
• Turn-In Instructions

Forking Demo

Take a moment to get a backup URL going

I'm presuming you are using a static host (firebase hosting or github pages or apache/nginx) and rtdb as your backend.

If you're using the _/init trick it's as simple as:

• Make a new project
• Export the DB from the old one
• Import the DB into the new one
• Make a new folder on the command line
• firebase init
• Copy the static files into public
• deploy

If you are copying from codepen and not using the _/init trick then also:

Get the json object from the new db and swap that out.

For the DB you can export the JSON at root and import it at root.

Project 1.5 Internal Pentesting

Let's all partner up in the room.

So this is a light paradigm shifting project. You each made a somewhat meaningful web app. Many of you are sure it's full of security holes. As we pivot to the security half of the class this will be a little exercise in quality assurance.

Here is some guidance:

• You will swap codebases with a partner. You are on the same team.
• The goal is to give them a write-up of what they need to fix.
• If you discover some true vulnerabilities then write them up and maybe take some screen shots of a working exploit of some kind.
• Examples of working exploits include gaining access to data/abilities your account shouldn't have access to; code injection; deleting/editing/accessing the database directly; ability to take down or deface the site
• Your hacking skills might be weak or their security strong. In that case you might think you don't have much to say.
• If you can't make an exploit then write-up what you tried and how they protected against it.
• Also you can add advice about their code quality to help code maintenance or usability.

Give your write-up to your partner and me on November 3rd.

Project 1 Growth Report

Part 1: I need the URL of your hosted project, a copy of your codebase, a copy of your firebase security rules if you used firebase, and a run-down of any instructions for using your app you'd like to give me.

Part 2: I need you to write up and send me a personal growth report with answers to the following questions:

1. Describe the timeline of the project: HOW MANY HOURS DID YOU SPEND, when did you start, bottlenecks you faced, etc.
2. How did you meaningfully grow as a developer from the project (if you did)?
3. Were there any "A-HA" insights that you'll carry with you into future work?
4. If you collaborated with other folks in the class what was that like?
5. Are you proud enough of the work that you'd use it in a job interview/portfolio? If not, what would you change to make it that way?
6. Rate your sense of mastery on a scale of 1-10 and give a little flavor for each of our mastery tasks for this project:

1. 1. You can host a website using static files on a CDN.
   2. You can display data read from a database dynamically.
   3. You can write data to a database (and have other users see it).
   4. You can manage client-side "routing", "deep-linking", and display different screens based on the user's choices.
   5. You can design your database (or API services) to give you what you need on the screen you need it.
   6. Given an array of JSON objects display them each in a template and let a user interact with any particular object.
   7. You can setup OAuth and passwords with email resets for your users.
   8. You can allow users to join a tourney and know who they are facing.
   9. You can allow new users to create a tournament dynamically and others can route to that tourney's new page.

Get this to me ASAP via an email to andynovo@udel.edu, I'll look at the date stamps.