Individual Application Notes

Application A Example

Application B

JS Monitoring Notes

JS Monitoring

Tech Stack

• Framework & Language - Rails/Ruby, Django/Python, mux/Golang
• 3rd party components, Examples:
  • Billing libraries (rubygem, npm, jar, etc.)
  • JavaScript widgets - (marketing tracking, sales chat widget)
  • Reliant upon other applications - such as receiving webhook events
• DB - Postgresql, MySQL, Memcache, Redis, Mongodb, etc.

Brainstorming / Risks

<aside> 💡

Walk the app, threat model and highlight HIGH RISK AREAS to target first

</aside>

• Here is what the feature or product is supposed to do... what might go wrong?
• Okay - based on the tech stack, I've realized that the:
  • ORM
  • Templating

Https://example.com/register

• User registration available
  • [ ] Check for unicode normalisation
  • [ ] Check reset flow
  • [ ] Test input val on fields - CSTI, XSS etc