QA & Penetration Testing of Web Application

Closed
Checklick
Canada
Josh Northcott
CTO
Project
Academic experience
60 hours of work total
Learner
Anywhere
Intermediate level

Project scope

Categories
Website development, Security (cybersecurity and IT security), Information technology, Software development, Databases
Skills
presentations ethical hacking penetration testing preparing executive summaries open web application security project (owasp) vulnerability research quality assurance ui/ux strategy
Details

Standard testing practice for web-based platforms is to conduct quality assurance tests before launch and penetration tests at least once a year. Quality assurance (QA) is the process of determining whether a product or service meets specified requirements, while a penetration test is when a firm or group of people is given special permission to try to break into, exploit, or otherwise break a given product via security vulnerabilities.


  • First, we would like students to get familiar with our product. Sign up, play around with it, understand generally how it works.
  • Second, students should run through given workflows to determine if the web platform meets the needs of the user and client.
  • Third, students should develop a written attack plan and present it to us so we can confirm we understand what the test will do and what might be uncovered.
  • Fourth, students are free to attack our product as per the presented plan.
Deliverables

Before testing begins, students should present a testing plan to us. This should include a breakdown of what tools they will use for both QA and penetration tests, techniques for exploration, which areas of attack they will go after, and any other information they feel they need to present. This should be presented to us via a small slide deck or other means.

After testing is complete, the final deliverable should be a written report detailing how the tests were conducted, what parts of the product do and do not meet the requirements of the client, what tests passed, what tests failed, and any further notes from the testers. Other items to consider for a final report should be:

  • An executive summary detailing overview, timeline, key findings
  • Categorising all findings into vulnerability levels such as critical, high, medium, low
  • Highly detailed summaries of any findings
  • Low-detail summaries of any tests conducted with no findings
  • A recap of any tools used


Final Deliverables:

  • Student findings report
  • Technical summary of how they carried out the tests
  • A letter of Attestation

For students: To validate the completion of your work, please submit deliverables as uploaded files with a reflection note at the end of your project. These files can take various formats, including Word documents, PDFs, JPEG images, presentations, and more. We request tangible proof or an example showcasing your completed work. If the project involved a Non-Disclosure Agreement (NDA), please provide redacted deliverables or a sample of non-confidential work.

Mentorship
Skills, knowledge and expertise

Sharing knowledge in specific technical skills, techniques, methodologies required for the project.

Regular meetings

Scheduled check-ins to discuss progress, address challenges, and provide feedback.

About the company

Company
Canada
2 - 10 employees
Technology

Checklick is an Athlete Development Tracking System that provides sports clubs with a tool to create skill development checklists and a fully serviced club storefront for clubs to sell their memberships, courses, events or items.