# Week one report
Radek Valigura, from now on just **Radek**.
What have we done so far:
---
Radek:
- wrote one user story
- set up the pipeline
- wrote OWASP security risks considerations
Olli:
- Wrote multiple user stories
- Wrote some of the ways of working stuff
- Set up my local dev environment
- Set up Azure resource group
Aapo: (Added February 2nd)
- Had plenty of issues with docker daemon and almost gave up.
- Wrote some user stories.
## OWASP security risks
1. Broken access control - We should secure our API, so that only requests to the pre-specified paths are possible.
2. Cryptographic failure - We should hash (with salt and pepper) all the passwords of our users, creating a secure environment for them.
3. Injection - All our database manipulation should go through a predefined API.
4. Security Logging and Monitoring Failures - We should establish logging for failed password attempts and also create a temporary time block on an account in case of brute-force password cracking.
5. Security Logging and Monitoring Failures - We should store our logs on a local machine and remote server as well.
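
A sketch of how items 2 and 4 could fit together in one login check. This is an added example, not code from the project. `LoginGuard`, `PEPPER`, the thresholds and the in-memory dictionaries (standing in for the database) are assumptions made for illustration.

```python
import hashlib, hmac, logging, os, time

log = logging.getLogger("auth")
PEPPER = b"constructed-pepper-for-this-example"  # assumption: a server-side secret kept outside the DB
MAX_FAILURES, BLOCK_SECONDS = 5, 300             # assumed policy: 5 failures -> 5 minute block

def hash_password(password, salt=b""):
    """Return (salt, digest): random per-user salt, pepper applied via HMAC, then a slow KDF."""
    salt = salt or os.urandom(16)
    peppered = hmac.new(PEPPER, password.encode(), hashlib.sha256).digest()
    digest = hashlib.scrypt(peppered, salt=salt, n=2**14, r=8, p=1, dklen=32)
    return salt, digest

class LoginGuard:
    def __init__(self, clock=time.monotonic):
        self.users = {}     # username -> (salt, digest); the plain password is never stored
        self.failures = {}  # username -> (failure count, blocked-until timestamp)
        self.clock = clock  # injectable so the block can be tested without waiting

    def register(self, user, password):
        self.users[user] = hash_password(password)

    def login(self, user, password):
        now = self.clock()
        count, blocked_until = self.failures.get(user, (0, 0.0))
        if now < blocked_until:
            log.warning("login rejected, account temporarily blocked: user=%r", user)
            return "blocked"
        # Unknown users still go through the KDF so timing does not reveal which names exist.
        salt, stored = self.users.get(user, (b"\0" * 16, b""))
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, stored):  # constant-time comparison
            self.failures.pop(user, None)
            return "ok"
        count += 1
        log.warning("failed password attempt: user=%r count=%d", user, count)
        if count >= MAX_FAILURES:
            count, blocked_until = 0, now + BLOCK_SECONDS
        self.failures[user] = (count, blocked_until)
        return "failed"
```

The `log` handler can be pointed at both a local file and a remote collector to cover item 5.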