Below are the points we are looking to have fixed:
1. Code review of the portal
2. Access Control Origin Not Set
Access-Control-Allow-Origin is set by the server on every CORS response. Depending on its value, the browser
decides whether the requesting page is allowed to read the response. Setting it to * (the wildcard) is not a
recommended practice and exposes the portal's responses to any origin; the header should instead echo back
only an origin from an explicit allowlist. Note that a server which reflects whatever Origin it receives
together with Access-Control-Allow-Credentials: true is worse than a bare *, because browsers refuse * on
credentialed requests but accept a reflected origin, which lets another site read an authenticated user's data.
3. Failure to Restrict URL Access
Failure to restrict URL access occurs in applications that merely hide functionality from non-privileged users
instead of enforcing authorization on the server. In such an application, administration links are only put
onto the page if the user is an administrator; however, if a non-privileged user discovers the administration
page's address, they can still open it directly by URL.
In our case a JavaScript file (page) that only a super admin should be able to reach is served to normal users.
This indicates that access control is not applied consistently in the application (in particular not to static
files) and would allow normal users to reach privileged pages.
4. Incomplete Cache Control
Cache-Control needs to be set to no-cache, no-store, must-revalidate throughout the portal; Pragma: no-cache
and Expires: 0 should accompany it for caches that predate HTTP/1.1.
5. Portal login: it is possible to log in using an old URL.
6. Cross-Site Scripting in the portal needs to be fixed.
7. Cookies do not carry the Secure and HttpOnly attributes in the portal.
P.S. The candidate needs to work 5-8 hours daily (based on requirement).
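Worked example for item 2 (added here; this is not the portal's code). It shows the weak pattern, reflecting the request's Origin with credentials allowed, next to a hardened version that only echoes an exact, canonical origin from an allowlist. The allowlist entries and the origins in the demo are constructed for the example.

```javascript
// Added example, not the portal's own code. Decides the CORS response headers from an
// explicit origin allowlist instead of "*". The allowlist entries and the origins used in
// the demo are constructed for this example.

const ALLOWED_ORIGINS = new Set([
  'https://portal.example.com',
  'https://admin.example.com',
]);

// Weak variant: reflects whatever Origin arrives and still allows credentials. This is
// worse than a bare "*", because browsers refuse "*" on credentialed requests but will
// accept a reflected origin.
function corsHeadersWeak(originHeader) {
  return {
    'Access-Control-Allow-Origin': originHeader || '*',
    'Access-Control-Allow-Credentials': 'true',
  };
}

// Hardened variant: only an exact, canonical origin from the allowlist is echoed back.
// Any other value (unknown origin, "null", malformed, missing) gets no CORS headers at
// all, so the browser refuses to expose the response to the requesting page.
function corsHeaders(originHeader, allowedOrigins = ALLOWED_ORIGINS) {
  if (typeof originHeader !== 'string') return {};
  let canonical;
  try {
    // URL.origin yields scheme://host[:port] with no path, so a trailing slash, a path
    // or a userinfo component cannot sneak past the comparison below.
    canonical = new URL(originHeader).origin;
  } catch {
    return {}; // "null" and other non-URL values end up here
  }
  // Exact string match against the allowlist: no substring, prefix or regex matching,
  // which is how "https://portal.example.com.attacker.net" style bypasses happen.
  if (canonical !== originHeader || !allowedOrigins.has(canonical)) return {};
  return {
    'Access-Control-Allow-Origin': canonical,
    'Access-Control-Allow-Credentials': 'true',
    // The response now depends on the Origin header; tell caches so they do not serve
    // one origin's allow header to another.
    'Vary': 'Origin',
  };
}

// Demo over a few constructed Origin values.
for (const o of ['https://portal.example.com', 'https://portal.example.com.attacker.net', 'null', undefined]) {
  console.log(JSON.stringify(o), '->', JSON.stringify(corsHeaders(o)));
}
```

The Vary: Origin header matters as soon as the allow header is computed per request; without it a shared cache can hand one origin's permission to a different origin.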
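Worked example for item 3 (added here; not the portal's code). Instead of hiding links, the check below runs on every request path, static assets included, before anything is served, and it canonicalises the path first so a traversal or percent-encoded variant of the super-admin script cannot slip past the rule. The role names, the URL prefixes and the numeric role hierarchy are assumptions made for the example.

```javascript
// Added example, not the portal's own code. A server-side authorization check that runs on
// every request, static assets included, so an admin-only .js file is refused to a normal
// user even if they know its URL. Role names, paths and the role hierarchy are assumptions.

// Simple ordered hierarchy: a higher level includes the rights of the lower ones.
const ROLES = { ANON: 0, USER: 1, ADMIN: 2, SUPER_ADMIN: 3 };

// Minimum role per URL prefix (prefixes end with "/", exact paths do not). The longest
// matching rule wins; anything not listed requires at least a logged-in USER, so the
// default is deny rather than allow.
const ACCESS_RULES = [
  ['/login', ROLES.ANON],
  ['/public/', ROLES.ANON],
  ['/admin/', ROLES.ADMIN],
  ['/admin/super/', ROLES.SUPER_ADMIN],
];

// Canonicalise before matching: drop the query string, percent-decode once, and collapse
// "." and ".." segments, so "/admin/../admin/super/x.js" or "/admin%2Fsuper/x.js" cannot
// dodge the "/admin/super/" rule.
function normalizePath(rawPath) {
  const decoded = decodeURIComponent(rawPath.split('?')[0]); // throws on malformed %xx
  const segments = [];
  for (const seg of decoded.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') segments.pop();
    else segments.push(seg);
  }
  const joined = '/' + segments.join('/');
  return decoded.endsWith('/') && segments.length ? joined + '/' : joined;
}

function requiredRole(path) {
  let required = ROLES.USER;
  let bestLen = -1;
  for (const [rule, role] of ACCESS_RULES) {
    const matches = rule.endsWith('/')
      ? path.startsWith(rule) || path + '/' === rule
      : path === rule;
    if (matches && rule.length > bestLen) {
      required = role;
      bestLen = rule.length;
    }
  }
  return required;
}

// Returns the HTTP status the request should receive: 200 allowed, 401 not logged in,
// 403 logged in but lacking the role, 400 for a path that cannot be decoded.
function authorize(user, rawPath) {
  let path;
  try {
    path = normalizePath(rawPath);
  } catch {
    return 400;
  }
  const have = user ? user.role : ROLES.ANON;
  if (have >= requiredRole(path)) return 200;
  return have === ROLES.ANON ? 401 : 403;
}

// Demo: the situation from item 3, a super-admin-only script requested by a normal user.
console.log(authorize({ role: ROLES.USER }, '/admin/super/config.js'));          // 403
console.log(authorize({ role: ROLES.USER }, '/admin/../admin/super/config.js')); // 403
console.log(authorize({ role: ROLES.SUPER_ADMIN }, '/admin/super/config.js'));   // 200
```

The point to carry into the portal is that the rule table is consulted for every path, not only for HTML pages; whatever serves static files must sit behind the same check.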
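Worked example for items 4 and 7 together (added here; not the portal's code). It builds the no-store cache headers, builds a session cookie with Secure, HttpOnly and SameSite set, and includes a small audit helper that parses a captured Set-Cookie header and reports which of those attributes are missing, which is the check a reviewer would run against the portal's responses. Cookie names, values and paths are constructed for the example.

```javascript
// Added example, not the portal's own code. Response headers that answer items 4 and 7,
// plus an audit helper for captured Set-Cookie headers. Names, values and paths below are
// constructed for the example.

// Headers that stop browsers and intermediaries from storing authenticated pages.
// Pragma and Expires are kept for HTTP/1.0 caches that ignore Cache-Control.
function noStoreHeaders() {
  return {
    'Cache-Control': 'no-cache, no-store, must-revalidate',
    'Pragma': 'no-cache',
    'Expires': '0',
  };
}

// Build a session cookie with the attributes item 7 asks for. The name is restricted to
// token characters and the value to the cookie-octet range of RFC 6265, so a value that
// came from user input cannot inject extra attributes such as "; Path=/admin".
function sessionCookie(name, value, { sameSite = 'Lax', path = '/', maxAge } = {}) {
  if (!/^[A-Za-z0-9!#$%&'*+\-.^_`|~]+$/.test(name)) throw new Error('invalid cookie name');
  if (!/^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*$/.test(value)) throw new Error('invalid cookie value');
  if (!['Strict', 'Lax', 'None'].includes(sameSite)) throw new Error('invalid SameSite value');
  const parts = [`${name}=${value}`, `Path=${path}`, 'Secure', 'HttpOnly', `SameSite=${sameSite}`];
  if (Number.isInteger(maxAge)) parts.push(`Max-Age=${maxAge}`);
  return parts.join('; ');
}

// Parse one Set-Cookie header value and list the required attributes it lacks.
// Attribute names are case-insensitive, so compare in lower case.
function auditSetCookie(header) {
  const attrs = header.split(';').slice(1).map((a) => a.trim().toLowerCase());
  const missing = [];
  if (!attrs.includes('secure')) missing.push('Secure');
  if (!attrs.includes('httponly')) missing.push('HttpOnly');
  if (!attrs.some((a) => a.startsWith('samesite='))) missing.push('SameSite');
  return missing;
}

// Demo: a constructed weak cookie as the scanner would report it, then the fixed one.
console.log(auditSetCookie('JSESSIONID=abc123; Path=/'));   // [ 'Secure', 'HttpOnly', 'SameSite' ]
console.log(sessionCookie('sid', 'abc123'));                 // sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax
console.log(auditSetCookie(sessionCookie('sid', 'abc123'))); // []
console.log(noStoreHeaders());
```

Secure only has effect when the portal is served over HTTPS, and HttpOnly stops script access to the cookie but does not stop the cross-site scripting in item 6 from acting with the user's session, so it complements that fix rather than replacing it.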