Author: Sharon Bousso

Capstone Updates

The capstone is coming along wonderfully. I’ve implemented a nodejs server with express, and I’ve prototyped the attack on path traversal through this web app. Right now, it sends an exploit for path traversal through the clients web browser with a request using fetch, and updates an iframes contents with the output of the path traversal vulnerability. In the next project iteration, I will create an endpoint on the node app, like /request, which will take a string and make the exploit request, and send back the results it gets to the client, because it’s bad practice to demonstrate exploits through client side Javascript code, and ultimately this tool is a demonstrative and educational tool. If this project is being hosted on a server that’s accessible to the web, I can just have the vulnerable machine only whitelist its IP, and this wont be possible if the exploits are coming from random clients IP addresses. Overall, I’m feeling very good about the development we’ve done so far, and I look forward to seeing where this project goes. I really enjoy working with node.js, it’s been a while.

Here’s the Github repo in case you want to check it out:

https://github.com/sharoninator/Website-Security-Tool

Job Updates

Still no offers or interviews, the market seems pretty rough for junior software developers. I’ve branched out to also applying to positions like cloud engineering and DevOps, which is similar to what I do now at the Open Source Lab. I’m optimistic that I’ll find something eventually, with enough grit and applications. I also know a few people in the industry, and they might be able to help me out with getting references. I’ve been grinding leetcode lately to practice for interviews. I find it quite fun, and I can tell I’m getting better at solving problems than I was when I first started. Winter break is coming up, and I’ll be on vacation for part of it, but the other part I’ll probably spend doing leetcode and applying for jobs.

So far our project is going well. We’ve split up the project into vulnerabilities, and I’m in charge of exploiting the following vulnerabilities: Insecure design, path traversal, and security misconfiguration. We also decided that we’ll be implementing the web server with node.js and express, which I have prior experience with from past projects. JavaScript is one of my favorite languages, so I look forward to using this framework in our project. I enjoy developing backend servers, as I’m fascinated by how servers interact. I’m also very interested in computer security, I’ve been to a few security conferences before and am very active in my university’s security club. This project is a mix of some of my biggest fascinations in computer science.

I’ve also been looking for a job on the side, which has been rough because not many companies are looking to hire people in computer science these days, especially not new grads, its super competitive for us. Despite this hardship, I remain optimistic and am preparing for an interview by doing leetcode problems. I’ve been trying to solve at least one problem a day, and also apply for at least one job a day. I went to the career center on campus, and they’ve reviewed my Resume and given me feedback, I’ve improved it greatly. I’ve gone to a few career fairs on campus to network, and I’m asking people I know if they’re aware of any open positions at companies that I might be a good fit for. I really hope I find a job before graduation!

I hope that this capstone project can be something I link on my resume as a portfolio project. I will be careful to make sure the code is high quality, readable, and well commented. I’ll have clear commit messages and make sure to document all the changes I make with good descriptive commit messages. The idea is for an employer to see this project, and know that I’m a skilled developer who produces high quality work.

Hello, my name is Sharon and I’m a Computer Science student in my last year at Oregon State University. In my free time, I read, rock climb, and go down Wikipedia rabbit holes. (Did you know Wikipedia has a home page?)

https://en.wikipedia.org/wiki/Main_Page

I work as a Systems Engineer the Open Source Lab on campus, a lab that services the open source community. My job consists configuring and patching of a lot of Linux environments, and rolling out environments with Chef.

I started programming as a kid, because I was into Minecraft and wanted to make my own plugins for it. I started by learning Java, and from there it really interested me. From there, I learned JavaScript and Python, and got fascinated by networking. I have a few passion projects using Node.js and express.js or socket.io. Programming something that involves computers communicating with eachother is my greatest interest.

I’m taking a senior capstone class, and I can select a project that I work on. I’m looking at finding a project where I can work on a server, preferably with node.js or Python. I also have a strong background in security because I used to work as a Security Engineer at a small company in San Fransisco. I see that in the senior project selection, there’s one called Website Security Research Project, which looks interesting. Here are its requirements:

1. Perform penetration testing on the infrastructure of the web app for many of the top ten attacks (linked below)
2. Learn from each attempt at pentesting, and harden the web app accordingly.
3. Create a writeup for the attack and the solution and add to the GitHub repo how-to.
4. Repeat 1-3 until done 

This project seems interesting because it involves server-side programming, adjusting the web app to be more secure, and I’d also get the chance to pentest the web server.