Identified the 5 most concerning security risks for the week's tasks
Set up the testing
Started the Login/registration feature
Arno
Completed setting up the Azure infrastructure and the Gitlab-runner.
Added application address https://frozen-app.azurewebsites.net/ to README.md
Set up the database on Azure
Initial setup of flask application (pages “/”, “/hello” and “/server-info”)
Added initial schemas for user and items into the database
Added test for saving of objects (user and item) into the database (page “/test”)
Considered A02:2021 and A10:2021.
Rayan
Finish local environment
Web page for adding items
Top 5 security risks considered (from OWASP) https://owasp.org/www-project-top-ten/
A10:2021-Server-Side Request Forgery
Data are currently not accessible via the internet
A02:2021-Cryptographic Failures
Passwords should be stored encrypted
A05:2021-Security Misconfiguration
Automated test process for build, unit tests and deployment was set up to help spot mistakes
A07:2021-Identification and Authentication Failures
No weak usernames or admin passwords will be implemented
A01:2021-Broken Access Control
The roles and their access rights have been discussed
Arno: Completed setting up the Azure setup and the Gitlab-runner. Application is now accessible at https://frozen-app.azurewebsites.net/. Also set up the database.