Project 1.5 Internal Pentesting
Let's all partner up in the room.
So this is a light, paradigm-shifting project. You each made
a somewhat meaningful set of stacks. Many of you are sure they're full
of security holes. As we pivot to the security half of the
class, this will be a little exercise in quality assurance.
Here is some guidance:
- Use the stack you're most proud of (or most scared of)
- You will swap codebases with a partner. You are on the same team.
- The goal is to give them a write-up of what they need to fix.
- If you discover some true vulnerabilities, then write them up and maybe
take some screenshots of a working exploit of some kind.
- Examples of working exploits include: gaining access to
data/abilities your account shouldn't have access to; code injection;
deleting/editing/accessing the database directly; the ability to take down or deface the site.
- Your hacking skills might be weak or their security strong.
In that case you might think you don't have much to say.
- If you can't make an exploit, then write up what you tried and how they protected against it.
- You can also add advice about their code quality to help with code maintenance or usability.
Give your write-up to your partner and me on November 4th.