Audit our Web and Mobile App codes

Please login or register as jobseeker to apply for this job.

TYPE OF WORK

Freelance

WAGE / SALARY

N/A

HOURS PER WEEK

TBD

DATE UPDATED

Apr 3, 2021

JOB OVERVIEW

**Receipt all information, code, documents, designs and all other deliverables from the executing company.**

**Detect and request for any missing information, details or documents that weren't received from the executing company.**

**Audit and Review the provided code and create the report of all findings and observations which will include but not limited to bugs, architecture, clean code, best practices, Security, hardening and so on.**

**Recommend fixes, enhancements and fine-tuning on the provided code and development architecture.**

**Compile, Test and validate the provided APK, IPA files and report findings and observation, recommend solutions, fixes and enhancements.**

**Check, review, validate and collect all information related to DevOps, Servers installation and application deployment.**

**You must have experience on the following:**


1- Flutter
2- Laravel (Backend)
3 - VueJS
4- Authentication, SMS and Push Notifications, In-App messaging, Cloud Storage, Dynamic Links & integration with Google Maps or equivalent services from AWS.
5- Pusher
6- MySQL (For transactional DB).
7- Payment Gateway integration.
8- DevOps with All Deployment Documentations.

**You must check and validate that the executing company will follow the Clean code best practices including but not limited to the following:**

- It is easy to understand the execution flow of the entire application
- It is easy to understand how the different objects collaborate with each other
- It is easy to understand the role and responsibility of each class
- It is easy to understand what each method does
- It is easy to understand what is the purpose of each expression and variable
- It is easy to extend and refactor.
- Avoid duplication anywhere in code
- Use well-named Function more than using comments to describe it.
- Classes and methods are small and only have a single responsibility
- Classes have clear and concise public APIs
- Classes and methods are predictable and work as expected
- The code is easily testable and has unit tests.
- Follow the three laws of Test-Driven Development (TDD)
- Tests are easy to understand and easy to change
- Avoid hard coding & centralize managing strings/variables values used in the application
- Use FQDN instead of public or private IP addresses.
- User Input Validation.

**You must check and validate that the executing company will follow Security best practices to secure the code which including but not limited to the following:**

- Validate input from all untrusted data sources including command line arguments, network interfaces, environmental variables, and user-controlled files
- Compile code using the highest warning level available for your compiler and eliminate warnings by modifying the code
- Use static and dynamic analysis tools to detect and eliminate additional security flaws.
- Create the application and web architecture and design to implement and enforce security policies consider dividing the system into distinct intercommunicating subsystems, each with an appropriate privilege set.
- Base access decisions on permission rather than exclusion so by default, access is denied.
- Every process should execute with the least set of privileges necessary to complete the job. Any elevated permission should only be accessed for the least amount of time required to complete the privileged task.
- Sanitize all data passed to complex subsystems such as command shells, relational databases, and commercial off-the-shelf (COTS) components to avoid injection attacks.
- Manage risk with multiple defensive strategies, so that if one layer of defense turns out to be inadequate, another layer of defense can prevent a security flaw from becoming an exploitable vulnerability and/or limit the consequences of a successful exploit.
- Use effective quality assurance techniques.
- Develop Detailed Error Handling and Logging Files, and Keep Them Secure
- Update System Design and Network Configuration to Maintain Security
- Always use strong encryption and hashing to secure sensitive data.
- Provide detailed information about the used encryption algorithms, SSL certificates and their private/public key names & lengths.
- Avoid weak authentication methods and maintain session time out.

VIEW OTHER JOB POSTS FROM:
SHARE THIS POST
facebook linkedin