Added Aapos part to week 1 and 2

0e86d3b5 · aapekaur · ae46e672 · 0e86d3b5 · 0e86d3b5
Commit 0e86d3b5 authored 2 years ago by aapekaur
--- a/docs/week1.md
+++ b/docs/week1.md
@@ -2,6 +2,7 @@

 Radek Valigura from now on just **Radek**.
 Olli Mehtonen from now on just **Olli**.
+Aapo Kauranen from now on just **Aapo**.

 What have we done so far:
 ---
@@ -17,10 +18,14 @@ Olli:
 - Set up my local dev environment
 - Set up Azure resource group

+Aapo: (Added February 2nd)
+- Had plenty of issues with docker daemon and almost gave up.
+- Wrote some user stories.
+
 ## OWASP security risks

 1. Broken access control - We should secure our API, so that only a request to the pre-specified paths is possible.
 2. Cryptographic failure - We should hash (salt and paper) all the passwords of our users. Creating a secure environment for our users.
 3. Injection - all our database manipulation should go trough predefined API.
 4. Security Logging and Monitoring Failures - We should establish logging for failed password attempt and also create a temporary time block on an account in case of password hard cracking.
-5. Security Logging and Monitoring Failures - We should store our logs on a local machine and remote server as well.
\ No newline at end of file
+5. Security Logging and Monitoring Failures - We should store our logs on a local machine and remote server as well.
--- a/docs/week2.md
+++ b/docs/week2.md
@@ -2,6 +2,7 @@

 Radek Valigura from now on just **Radek**.
 Olli Mehtonen from now on just **Olli**.
+Aapo Kauranen from now on just **Aapo**.

 What have we done so far:
 ---
@@ -18,10 +19,14 @@ Olli:
 - Set up my local dev environment
 - Set up Azure resource group

+Aapo:
+-Wrote one user story.
+-Created webpage template and frontend code to handle most of the bid submission. Actual request to backend will be written on 2nd or 3rd February.
+
 ## OWASP security risks

 1. Broken access control - Limit API calls send alerts to the admins once there were to many tries.
 2. Cryptographic failure -Usage of outdated or cracked crypto/ hashing algorithms should be avoided.
 3. Injection - Prevent the too many argument injection, giving the user higher privileges.
 4. Injection - We should implement some form of validation of incoming data.
-5. Insecure design - We will only use widely used, regularly updated and verified libraries, to prevent inclusion of unsecured code.
\ No newline at end of file
+5. Insecure design - We will only use widely used, regularly updated and verified libraries, to prevent inclusion of unsecured code.