Outdoor Discovery Website

Project Overview

For my software quality assurance class at the University of Hawaii at Manoa, we were tasked with implementing a secure system that accepted user input. Given my interest in outdoor activities offered by the university and the early-2000s look of the existing website, I convinced my group members to make a website for listing and registration of the outdoor classes being offered.

My Contributions

I worked mostly on back-end functionality for this project, such as setting up the web/database server environment, database connectivity, session handling, etc.

A database class was designed to ensure no SQL injection vulnerabilities. This was accomplished by keeping the database connection private to the class and using a query function that properly escaped all variables used before executing the SQL.
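
A minimal sketch of the design described above, added here as an illustration and not the project's actual code. The class name, method names, `?` placeholder convention and table are assumptions, and it uses PDO with in-memory SQLite instead of the project's MySQL server so that it runs offline.

```php
<?php
declare(strict_types=1);

// Added illustration: class, method and table names are hypothetical.
final class Database
{
    // Private, so no caller can reach the raw connection and bypass query().
    private PDO $conn;

    public function __construct(string $dsn, ?string $user = null, ?string $pass = null)
    {
        $this->conn = new PDO($dsn, $user, $pass, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    }

    // $sql is a developer-written template; each ? is replaced by an escaped value.
    // Limitation of this sketch: the template itself must not contain a literal '?'.
    public function query(string $sql, array $values = []): array
    {
        $parts = explode('?', $sql);
        if (count($parts) - 1 !== count($values)) {
            throw new InvalidArgumentException('placeholder/value count mismatch');
        }
        $built = array_shift($parts);
        foreach (array_values($values) as $i => $value) {
            $built .= $this->escape($value) . $parts[$i];
        }
        $stmt = $this->conn->query($built);
        return $stmt->columnCount() > 0 ? $stmt->fetchAll(PDO::FETCH_ASSOC) : [];
    }

    // Integers pass through as digits; everything else is quoted by the driver.
    private function escape(mixed $value): string
    {
        if ($value === null) {
            return 'NULL';
        }
        return is_int($value) ? (string) $value : $this->conn->quote((string) $value);
    }
}

// Constructed demo data, using in-memory SQLite so the script runs offline.
$db = new Database('sqlite::memory:');
$db->query('CREATE TABLE classes (id INTEGER PRIMARY KEY, title TEXT)');
$db->query('INSERT INTO classes (title) VALUES (?)', ['Kayaking 101']);

$hostile = "x' OR '1'='1"; // would match every row if concatenated unescaped
var_dump(count($db->query('SELECT title FROM classes WHERE title = ?', [$hostile])));
var_dump($db->query('SELECT title FROM classes WHERE id = ?', [1]));
```

With MySQL, put `charset=utf8mb4` in the DSN, because driver-level escaping depends on the connection character set.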

A session class was used to keep track of each user’s session on the website. This allowed users to be logged in and supported user roles, such as administrators, who could add/remove/modify the classes.

Team Dynamic

Despite the many unexpected changes from COVID-19, this was one of the best teams that I had worked with during my undergraduate career at the University of Hawaii at Manoa. Everyone showed up for meetings and did their work on time.

Conclusion

This project was similar to what I do in my professional career, but with a slightly more aggressive approach. Given that the class was in the cyber security track, this project focused heavily on security, and any software we used (Apache2, MySQL, PHP, etc.) was expected to be updated to the latest stable version for every submission. This is a bit extreme for a professional environment; except for severe zero-day vulnerabilities, a monthly update schedule to the latest version available in public repositories is more than adequate.