In this project, I identified a security issue in the password reset process of an e-commerce website. The problem was that old password reset links remained active even after a new password was set, posing a risk of unauthorized access.
I ran tests, recorded the problem, and presented fixes, such as making old reset links expire immediately and ensuring each link is good for only a single use. This helped build my skills in security testing, bug identification, and the presentation of solutions to protect user accounts.
Skills Demonstrated: Security Testing, QA, Vulnerability Analysis
Project 2
Session Invalidation Vulnerability After Password Change
Overview:
Security flaw on an e-commerce website platform: In this project, I found a security flaw where user sessions remained active long after the password had been changed. This meant that users who changed their passwords could still be logged in with old session cookies, creating a risk of unauthorized access.
I tested and confirmed this vulnerability, highlighting that old sessions should automatically expire after a password change to protect user accounts. I recommended fixes, including invalidating session cookies immediately upon password change and using secure cookie attributes like "HttpOnly," "Secure," and "SameSite" to enhance session security.
Skills Demonstrated: Security Testing, Session Management Analysis, Vulnerability Identification
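Added example, not the author's code and not taken from the site that was tested: a minimal Python store that implements both recommended fixes, single-use reset links that expire on a timer and on any password change (Project 1), and invalidation of every existing session when the password changes (Project 2). The 15-minute lifetime, the in-memory dictionaries and the hashing of stored tokens are constructed assumptions, and storing the new password hash itself is left out.

```python
import hashlib
import secrets

RESET_TTL_SECONDS = 15 * 60  # constructed value: a reset link is honoured for 15 minutes
def _digest(value: str) -> str:
    # Only hashes of tokens and session ids are stored, so a leaked store cannot be replayed.
    return hashlib.sha256(value.encode()).hexdigest()

class AuthStore:
    def __init__(self) -> None:
        self.reset_tokens = {}  # token digest -> (user_id, issued_at)
        self.sessions = {}      # session digest -> user_id

    def issue_reset_link(self, user_id: str, now: float) -> str:
        token = secrets.token_urlsafe(32)
        self.reset_tokens[_digest(token)] = (user_id, now)
        return token

    def login(self, user_id: str) -> str:
        session_id = secrets.token_urlsafe(32)
        self.sessions[_digest(session_id)] = user_id
        return session_id

    def session_user(self, session_id: str):
        return self.sessions.get(_digest(session_id))

    def reset_password(self, token: str, now: float) -> bool:
        # pop() makes the link single-use: submitting the same link again finds nothing.
        entry = self.reset_tokens.pop(_digest(token), None)
        if entry is None:
            return False
        user_id, issued_at = entry
        if now - issued_at > RESET_TTL_SECONDS:
            return False
        self._on_password_changed(user_id)
        return True

    def change_password(self, session_id: str):
        # Returns a fresh session id for the caller, or None if the session is not valid.
        user_id = self.session_user(session_id)
        if user_id is None:
            return None
        self._on_password_changed(user_id)
        return self.login(user_id)

    def _on_password_changed(self, user_id: str) -> None:
        # Project 1 fix: every other outstanding reset link for this user expires now.
        self.reset_tokens = {k: v for k, v in self.reset_tokens.items() if v[0] != user_id}
        # Project 2 fix: every existing session for this user is invalidated.
        self.sessions = {k: v for k, v in self.sessions.items() if v != user_id}
```

Calling change_password from the device that made the change hands back a new session id, so the old cookie value is useless even to that device.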