You’re starting work on a new project as a security engineer, and you’ve been asked to evaluate this project for any vulnerabilities. The project is a standard web application that helps small businesses keep track of deliveries. Users can log in and track deliveries, and administrators can also create and delete deliveries. It consists of a frontend using JavaScript and React, a backend using Java and Spring, and a database. The frontend communicates with the backend using an API, and the backend communicates with the database to fulfill these API requests. The application is hosted in a cloud environment and all parts of the infrastructure are publicly accessible.
Although I’m not working on this project currently, I did a lot of work on it previously and I’m familiar with the architecture. I’m happy to answer any questions or provide more information.
- Q&A: Please take some time to ask me any questions you have in order to make an assessment.
- Vulnerabilities and areas of concern: Talk us through the possible areas of vulnerability and concern that you see.