Technical Critique / Security Vulnerability
Description
- Technical critique required sections:
  - Problem
    - Potential list: bad architecture, bad coding practices, bad design, etc.
  - Solution
    - This should be the focus; remember, the goal is to improve the quality of DTI apps, not tear them apart.
  - Reflection (if applicable, required for TPM)
    - Are there similar problems in your subteam's codebase? If so, how do you plan to fix them?
    - What does the other subteam's codebase inspire you to do? Is it possible to do something similar in your codebase?
- Problem
- Security vulnerability review required sections:
  - How to exploit
  - How to fix
  - How to prevent this in the future
  - How does this incident prompt your subteam to design more secure systems (if applicable)
- Notes:
  - Vulnerabilities are first-come, first-served. Check with us before attempting this assignment, lest you review a vulnerability that has already been found.
  - Please do not disclose your vulnerability publicly (we don't want to publicize how to take down DTI projects)!
Danger: This type of written assignment will be forwarded to relevant subteams' channels with your personal information anonymized, if you agree to share. You are NOT allowed to hack non-DTI users' accounts on the production site. Avoid hacking DTI users' accounts to demonstrate the problem if you can.
Grading Tiers
93%: Contribution was below expectations for that member of the team.
- Issue or vulnerability is clearly not an actual issue
- Vulnerability/issue is created for the sake of being able to write about it
96%: Contribution was at expectations for that member of the team. This is the baseline grade.
- Issue or vulnerability is problematic to that product
- Provide a decent attack plan
100%: Contribution was above expectations for that member of the team.
- Issue or vulnerability is not obvious to find and is problematic to that product
- Provide an actionable attack plan
- Real Examples: