This is the github repo for our CSEC380 Final Project, a deliberately vulnerable video sharing platform Tiger Advanced.
Sprint | Activity | Description | Due Date | Completion |
---|---|---|---|---|
1 | 1 | Setup Github | September 20th | Yes |
1 | 2 | Generate Tests/Initial Splashpage | September 20th (Due Date) | Yes |
1 | 1/2 | Writeup for Activities 1 and 2 | September 20th (Due Date) | Yes |
2 | 3 | Authentication to the website | September 29th | Yes |
2 | 3 | Tests for authentication | September 29th | Yes |
2 | 3 | Writeup for activity 3 | September 29th | Yes |
3 | 4 | Content can be uploaded | October 13th | Yes |
3 | 4 | Content and metadata can be viewed | October 13th | Yes |
3 | 4 | Content can be deleted by uploading user | October 13th | Yes |
3 | 4 | Tests for uploading, viewing, and deletion | October 13th | Yes |
3 | 4 | Writeup for activity 4 | October 13th | Yes |
4 | 5 | Classic SQL Injection vulnerability | October 27th | Yes |
4 | 5 | Blind SQL Injection vulnerability | October 27th | Yes |
4 | 5 | Tests for sql injections | October 27th | Yes |
4 | 5 | Writeup for activity 5 | October 27th | Yes |
5 | 6 | Introduce Server Side Request Forgery Vulnerability | November 10th | Yes |
5 | 6 | Tests for SSRF vulnerability | November 10th | Yes |
5 | 6 | Writeup for activity 6 | November 10th | Yes |
6 | 7 | Introduce Command Injection Vulnerability | November 24th | Yes |
6 | 7 | Tests for command injection | November 24th | Yes |
6 | 7 | Writeup for activity 7 | November 24th | Yes |
7 | All | Verification that all components and tests work | November 24th (Due Date) | Yes |
7 | All | Review of all writeups | November 24th (Due Date) | Yes |
Github projects will be used to represent Epics (each line in the Sprints and Components table is an Epic). Github milestones will be used to represent sprints. Github issues will be used to represent user stories.
We will be using TravisCI with pytest for the testing, nginx with $frontend will used for the front end, Docker will be used for the hosting, and python/flask for the backed.