Functional
Try opening the forum.
Does the URL contain HTTPS?
Is the project implementing cipher suites?
Is the Go TLS structure well configured?
Are the server timeouts reduced (ReadTimeout, WriteTimeout and IdleTimeout)? Long or unlimited timeouts let attackers take their time.
Try to access the database.
Is the database protected by a password?
Try creating a user. Open the database with the command "sqlite3 <database-name>" and run "SELECT * FROM <user-table>;" to select all users.
Are the passwords encrypted?
Try to log in to the forum, open the inspector (CTRL+SHIFT+I) and go to the storage tab to see the cookies (this can differ depending on the browser).
Does the session cookie present a unique identifier?
Does the project provide a way to configure the certificate information, either via .env, config files or another method?
Are the allowed packages being respected?
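The cipher suite, TLS structure and timeout questions above, written as a check over a Go `http.Server`. This is an added example, not part of the audit or of any audited project; the function names, finding strings and timeout values are assumptions.

```go
package main
import (
	"crypto/tls"
	"fmt"
	"net/http"
	"time"
)

// hardenedServer passes every check below; the timeout values are assumed, not from the page.
func hardenedServer() *http.Server {
	return &http.Server{
		TLSConfig: &tls.Config{
			MinVersion: tls.VersionTLS12,
			CipherSuites: []uint16{ // used for TLS 1.2; Go fixes the TLS 1.3 suites itself
				tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
				tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			},
		},
		ReadTimeout:  5 * time.Second,
		WriteTimeout: 10 * time.Second,
		IdleTimeout:  60 * time.Second,
	}
}

// auditServer returns one finding per checklist question the server fails.
func auditServer(s *http.Server) (findings []string) {
	c := s.TLSConfig
	if c == nil {
		c = &tls.Config{} // nothing configured: the TLS checks below all fail
	}
	if c.MinVersion < tls.VersionTLS12 {
		findings = append(findings, "MinVersion not set to TLS 1.2 or later")
	}
	if len(c.CipherSuites) == 0 {
		findings = append(findings, "cipher suites not set explicitly")
	}
	for _, weak := range tls.InsecureCipherSuites() {
		for _, id := range c.CipherSuites {
			if id == weak.ID {
				findings = append(findings, "insecure cipher suite: "+weak.Name)
			}
		}
	}
	if s.ReadTimeout == 0 || s.WriteTimeout == 0 || s.IdleTimeout == 0 {
		findings = append(findings, "Read/Write/IdleTimeout left at zero (no limit)")
	}
	return findings
}

func main() { fmt.Println(auditServer(&http.Server{})) }
```

A zero-value `http.Server{}` yields three findings, which is the state a project is in when it calls `ListenAndServeTLS` without touching these fields.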
General
+Does the project implement its own certificates for the HTTPS protocol?
+Does the project implement UUID (Universally Unique Identifier) for the user session?
Basic
+Does the project run quickly and effectively? (no unnecessary data requests, etc.)
+Is there a test file for this code?
Social
+Did you learn anything from this project?
+Can it be open-sourced / be used for other sources?
+Would you recommend/nominate this program as an example for the rest of the school?