Open andlrutt opened 2 months ago
When clicking on the run background check, it has a text telling you it will cost 15$. Since the price could change year by year, we should consider having a more general statement.
Where's my favicon at?
Not sure where error originates, existed when I opened the page.
When creating a new event, the "start at" and "end at" dates are slightly awkward with the dashes. We should consider deleting one or the other.
With my current account authorization, I can create an event but not edit events. I think the two could be considered a set piece?
We are able to create an event without specifying what roles will be present at the event. However, the check-in requires you to have a role, where there is no option to select any role.
Email fails to send
Should check in be available for past events?
I tried to see if I could do anything malicious with the site. I didn't find much.
Additionally, I rechecked that MongoDB does TLS encryption so packets going through networks wouldn't be viewable. MongoDB uses TLS v1.2, which is secure. Secondly, MongoDB had encryption at rest using AES-256, which is also extremely secure.
Client-side field-level encryption is not enabled by default but could be enabled. The pro is that it adds on another level of encryption, so if the TLS encryption were cracked, there would be another layer. The con is that deterministic encryption disables sorting from the server side, and randomized encryption disables querying. Additionally, the server would have to strictly run on a Linux system, and the client would have additional computational overhead for encryption.
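The deterministic versus randomized trade-off mentioned in the comment above, as an added example that is not part of the original thread or the project's code. It is a simplified stand-in built on Node's `crypto` module (AES-256-GCM with an HMAC-derived IV), not MongoDB's actual algorithm; the keys, helper names and sample volunteer names are all constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed demo keys, random per run (assumption: a real deployment keeps data keys in a key vault).
const encKey = crypto.randomBytes(32);
const ivKey = crypto.randomBytes(32);

// Encrypt one field value. deterministic=true derives the IV from
// HMAC(ivKey, plaintext), so equal plaintexts give equal ciphertexts;
// otherwise the IV is random and every ciphertext is unique.
function encryptField(plaintext, deterministic) {
  const iv = deterministic
    ? crypto.createHmac('sha256', ivKey).update(plaintext).digest().subarray(0, 12)
    : crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', encKey, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
}

function decryptField(stored) {
  const raw = Buffer.from(stored, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', encKey, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// The server never sees plaintext: all it can do is byte-compare ciphertexts.
function serverFind(collection, field, queryCiphertext) {
  return collection.filter((doc) => doc[field] === queryCiphertext);
}

// Constructed sample data: four volunteers, one name repeated.
const names = ['Carol', 'alice', 'Bob', 'alice'];
function buildCollection(deterministic) {
  return names.map((n, i) => ({ _id: i, name: encryptField(n, deterministic) }));
}

function demo() {
  const det = buildCollection(true);
  const rnd = buildCollection(false);
  return {
    // Equality query works only when the client can reproduce the stored ciphertext.
    detMatches: serverFind(det, 'name', encryptField('alice', true)).length,
    rndMatches: serverFind(rnd, 'name', encryptField('alice', false)).length,
    // A server-side sort orders by ciphertext bytes, unrelated to plaintext order.
    serverSorted: det.map((d) => d.name).sort().map((c) => decryptField(c)),
    // Correct ordering requires decrypting on the client first.
    clientSorted: det.map((d) => decryptField(d.name)).sort(),
  };
}
```

Deterministic mode also reveals to the server which documents share the same value, which is the cost of keeping equality queries.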
Description
TEST THIS MAMA JAMA!!! Try to break it in every way conceivable. You should spend 1 HOUR DOING THIS! Literally set a timer. If you can't find anything, look harder!
Don't test on localhost; instead, navigate to cm.utkh4i.com and do your testing there. Do the testing on your phone, since this is currently our best supported device.
Technical Details
Some things to consider (non-exhaustive!): What happens if...
Walk through EVERY workflow, start to finish, with every enumeration for inputs/sequences. Make a new volunteer, make a new event, make a new org, etc. Start a workflow, stop, come back to it later. Including (but not limited to)
TRY TO BREAK IT!
ADDITIONALLY:
EXPECTED OUTPUT: