Skip to content

3.3 Abuser Stories

Jump to bottom
Amos Wong edited this page Apr 17, 2017 · 8 revisions

1. Malicious Payload

Issues Resolutions
As an abuser, I can inject malicious script into a markdown document Input sanitization should be done on the markdown document before it get passed to the browser's markup processor (which also render the document).
As an abuser, I can inject malicious SQL query to retrieve confidential information from the database Input sanitization should be done on the user's input before any SQL command get executed.
As an abuser, I can create a plugin to retrieve private information by accessing DOM element outside of my plugin. Plugins code should be sand-boxed and encapsulated an iframe.

2. Unauthorized Access

Issues Resolutions
As an abuser, I can view documents that are not meant for me by accessing a private URL. The request for viewing a document should be authenticated before returning the document back to the user.
As an abuser, I can run a brute-force attack on the login page to gain unauthorized access. The login mechanism should impose a artificial delay before the user can re-enter the login detail again.
CAPTCHA should used used after multiple invalid login attempts.

by Sashimi 🐟

📄 Contents

  1. Introduction

  2. Project Work Log

  3. Software Requirements
    4. 3.1 Functional Requirements
    3.2 Non functional Requirements
    3.3 Abuser Stories
    3.4 Glossary

  4. Design
    5. 4.1 Architecture Diagram
    4.2 Entity Relationship Diagram
    4.3 UI Design

  5. Developer Guide
    6. 5.1 Getting started
    5.2 Resources
    5.3 Testing tools
    5.4 API Documents

  6. Evaluation Report
    7. 6.1 Usability Evaluation
    6.2 Performance Evaluation
    6.3 Security Evaluation

  7. Misc
    8. 7.1 Dog Fooding Process

Clone this wiki locally