#### Functional
##### Try opening the forum.
###### Does the URL contain HTTPS?
###### Is the project implementing [cipher suites](https://en.wikipedia.org/wiki/Cipher_suite)?
###### Is the Go TLS structure well configured?
###### Are the [server](https://golang.org/pkg/net/http/#Server) timeouts reduced (ReadTimeout, WriteTimeout and IdleTimeout)?
###### Does the project implement [Rate limiting](https://en.wikipedia.org/wiki/Rate_limiting) (avoiding [DoS attacks](https://en.wikipedia.org/wiki/Denial-of-service_attack))?
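As an aid for the TLS and timeout questions above, the following added example (not part of the audited project or of the original checklist) shows a server configuration that meets them next to a function reporting which items a given configuration misses. The function names, timeout values and suite selection are assumptions.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"time"
)

// hardenedServer meets the checklist items; timeout values and suite choice are assumptions.
func hardenedServer() *http.Server {
	return &http.Server{
		ReadTimeout:  5 * time.Second,
		WriteTimeout: 10 * time.Second,
		IdleTimeout:  60 * time.Second,
		TLSConfig: &tls.Config{
			MinVersion: tls.VersionTLS12,
			// Only affects TLS 1.2; Go does not let TLS 1.3 suites be chosen.
			CipherSuites: []uint16{
				tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
				tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			},
		},
	}
}

// auditServer returns one finding per checklist item the configuration misses.
func auditServer(s *http.Server) []string {
	var findings []string
	if s.ReadTimeout == 0 || s.WriteTimeout == 0 || s.IdleTimeout == 0 {
		findings = append(findings, "Read, Write or Idle timeout not set explicitly")
	}
	if s.TLSConfig == nil {
		return append(findings, "no tls.Config set on the server")
	}
	if s.TLSConfig.MinVersion < tls.VersionTLS12 {
		findings = append(findings, "MinVersion not set to TLS 1.2 or higher")
	}
	for _, bad := range tls.InsecureCipherSuites() {
		for _, id := range s.TLSConfig.CipherSuites {
			if id == bad.ID {
				findings = append(findings, "insecure cipher suite: "+bad.Name)
			}
		}
	}
	return findings
}

func main() { fmt.Println(auditServer(&http.Server{}), auditServer(hardenedServer())) }
```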
##### Try to access the database.
###### Does the database present a password for protection?
##### Try creating a user. Go to the database using the command `sqlite3 <database-name>` and run `SELECT * FROM <user-table>;` to select all users.
###### Are the passwords encrypted?
##### Try to log in to the forum, open the inspector (CTRL+SHIFT+i) and go to the storage tab to see the cookies (this can be different depending on the [browser](https://developer.mozilla.org/en-US/docs/Learn/Common_questions/What_are_browser_developer_tools)).
###### Does the session cookie present a UUID (Universal Unique Identifier)?
###### Does the project present a way to configure the certificate information, either via .env, config files or another method?
###### Are only the allowed packages being used?
###### As an auditor, is this project up to every standard? If not, why are you failing the project? (Empty Work, Incomplete Work, Invalid compilation, Cheating, Crashing, Leaks)
#### General
###### +Does the project implement their own certificates for the HTTPS protocol?
###### +Does the project implement UUID (Universal Unique Identifier) for the user session?
#### Basic
###### +Does the project run quickly and effectively? (no unnecessary data requests, etc.)
###### +Does the code obey the [good practices](../../good-practices/README.md)?
###### +Is there a test file for this code?
#### Social
###### +Did you learn anything from this project?
###### +Can it be open-sourced / be used for other sources?
###### +Would you recommend/nominate this program as an example for the rest of the school?