Standard testing practices for web based platforms are to conduct Quality Assurance test before launching and penetration tests at least once a year. Quality assurance (QA) is the process of determining whether a product or service meets specified requirements, while penetration tests is when a firm or group of people are given special permissions to try and break into, exploit, or otherwise attempt to break a given product via security vulnerabilities.

• First, we would like students to get familiar with our product. Sign up, play around with it, understand generally how it works.
• Second, students should run through given workflows to determine if the web platform meets the needs of the user and client.
• Third, students should develop a written attack plan and present it to us so we can confirm we understand what the test will do and what might be uncovered.
• Fourth, students are free to attack our product as per the presented plan

Before testing begins, students should present a testing plan to us. This should include a breakdown of what tools they will use for both QA and penetration tests, techniques for exploration, what areas of attack will they go after, and any other information they feel like they need to present. This should be presented to us via a small slide deck or other means.

After testing is complete, the final deliverable should be a written report detailing how the tests were conducted, what parts of the product do and do not meet the requirements of the client, what tests passed, what tests failed, and any further notes from the testers. Other items to consider for a final report should be:

• An executive summary detailing overview, timeline, key findings
• Categorising all findings into vulnerability levels such as critical, high, medium, low
• High detailed summaries of any findings
• Low detailed summaries of any tests conducted with no findings
• A recap of any tools used

Final Deliverables:

• Student findings report
• Technical summary of how they carried out the tests
• A letter of Attestation

For students: To validate the completion of your work, please submit deliverables as uploaded files with a reflection note at the end of your project. These files can take various formats, including Word documents, PDFs, JPEG images, presentations, and more. We request tangible proof or an example showcasing your completed work. If the project involved an Non-Disclosure Agreement (NDA), please provide redacted deliverables or a sample of non-confidential work.