QA & Penetration Testing of Web Application


Project scope
Categories
Website development, Security (cybersecurity and IT security), Information technology, Software development, Databases
Skills
presentations, ethical hacking, penetration testing, preparing executive summaries, open web application security project (owasp), vulnerability research, quality assurance, ui/ux strategy

Standard testing practice for web-based platforms is to conduct quality assurance testing before launch and penetration tests at least once a year. Quality assurance (QA) is the process of determining whether a product or service meets specified requirements, while a penetration test is when a firm or group of people is given special permission to try to break into, exploit, or otherwise break a given product via security vulnerabilities.
- First, we would like students to get familiar with our product. Sign up, play around with it, understand generally how it works.
- Second, students should run through given workflows to determine if the web platform meets the needs of the user and client.
- Third, students should develop a written attack plan and present it to us so we can confirm we understand what the test will do and what might be uncovered.
- Fourth, students are free to attack our product as per the presented plan.
Before testing begins, students should present a testing plan to us. This should include a breakdown of the tools they will use for both QA and penetration tests, their techniques for exploration, which areas of attack they will go after, and any other information they feel they need to present. This should be presented to us via a small slide deck or other means.
After testing is complete, the final deliverable should be a written report detailing how the tests were conducted, what parts of the product do and do not meet the requirements of the client, what tests passed, what tests failed, and any further notes from the testers. Other items to consider for a final report should be:
- An executive summary detailing overview, timeline, key findings
- Categorising all findings into vulnerability levels such as critical, high, medium, low
- Highly detailed summaries of any findings
- Less detailed summaries of any tests conducted with no findings
- A recap of any tools used
Final Deliverables:
- Student findings report
- Technical summary of how they carried out the tests
- A letter of Attestation
For students: To validate the completion of your work, please submit deliverables as uploaded files with a reflection note at the end of your project. These files can take various formats, including Word documents, PDFs, JPEG images, presentations, and more. We request tangible proof or an example showcasing your completed work. If the project involved a Non-Disclosure Agreement (NDA), please provide redacted deliverables or a sample of non-confidential work.
Sharing knowledge in specific technical skills, techniques, methodologies required for the project.
Scheduled check-ins to discuss progress, address challenges, and provide feedback.
About the company
Checklick is an Athlete Development Tracking System that provides sports clubs with a tool to create skill development checklists and a fully serviced club storefront for clubs to sell their memberships, courses, events or items.
Toronto, Ontario, Canada