Roman Rott's web projects' screenshots preview

Cybersecurity related projects

Dynamic Application Red Team Simulation

DARTS login page
* Internal project. Under the NDA

Berezha is an Application Security and Penetration Testing Company. DARTS is the platform that simplifies penetration tests, automates report generation, and integrates external data sources.

Role:
Full-stack developer
Responsibilities:
Implemented the whole architecture: designing the application on the AWS cloud stack, configuring CI/CD, creating API services and UI applications, implementing my own web design, and writing the documentation.
Languages:
Ruby, JavaScript
Frameworks/Libs:
React, Redux
Other technologies:
AWS, S3, IAM
Status:
Internal project. It is online and works as part of BSG's workflow.

CTF Dashboard for «NoNameCon 2018»

NoNameCon is a 100% community-built practical cybersecurity conference in Kyiv, Ukraine. There were several workshops and a CTF game held during the event.

As a part of the team I was working on the admin application for the CTF game.

Role:
Full-Stack developer
Responsibilities:
Creating API endpoints
Writing UI in vanilla JS
Maintaining servers during the game
CI/CD via GitLab
Languages:
Python 2, JavaScript
Frameworks/Libs:
Flask, Flask-SQLAlchemy
Other technologies:
Redis, Gitlab CI
Status:
Archived once the CTF ended.

Website/Endpoint for one of the CTF tasks at BruCON 0x0B (2019)

BruCON 0x0B (2019) - a cyber security conference.

Role:
UI Developer
Responsibilities:
Assisted the CTF team with creating UI for a vulnerable website
Languages:
JavaScript
Other technologies:
Heroku
Status:
Archived
Archived version: heroku
Event: twitter.com

Website for «OWASP Ukraine 2019» cybersecurity conference

The 5th annual OWASP Ukraine 2019 - the biggest Ukrainian Application Security conference held under the aegis of OWASP Lviv, Kyiv, Dnipro and Kharkiv chapters.

Role:
Full-Stack developer.
Responsibilities:
I was working on the website: Design, content, images, structure
Configuring middleman, capistrano and CI/CD on GitLab to deploy static site on demand
SEO-optimization, performance optimization, configuring web server.
Languages:
Ruby 2.5, JavaScript
Frameworks/Libs:
MiddleMan - static site generator.
Other technologies:
HTML5, Haml
Status:
Online

Timers for «OWASP Ukraine» 2018 and 2019 conferences

OWASP Ukraine - the biggest Ukrainian Application Security conference held under the aegis of OWASP Lviv, Kyiv, Dnipro and Kharkiv chapters.

The application was created to show simple countdowns on the speakers' monitors to notify them about their timeframes or to show short messages.

Role:
Web developer.
Responsibilities:
Design, UI
Languages:
Ruby 2.5, JavaScript
Frameworks/Libs:
Padrino
Other technologies:
Heroku
Status:
Online/Paused

Website for «NoNameCon 2019» cybersecurity conference

The 2nd annual NoNameCon - a 100% community-built practical cyber security conference.

Role:
Full-Stack developer.
Responsibilities:
I was working on the website: Design, content, images, structure
Configuring middleman, capistrano and CI/CD on GitLab to deploy static site on demand
SEO-optimization, performance optimization, configuring web server.
Languages:
Ruby 2.5, JavaScript
Frameworks/Libs:
MiddleMan - static site generator.
Other technologies:
HTML5, Haml
Status:
Archived
Archived version: 2019.nonamecon.org
Current website: nonamecon.org

Shlyapa-Pay.info - payment system for CTF games

«Shlyapa-Pay» is a fake payment system created for a CTF (Capture The Flag hacking game) held by «Berezha Security».

This payment system has its own website, blog, and integration with ActiveMerchant as a fake payment processor. It behaves almost the same way as common payment systems like PayPal or WebMoney, allowing users to send and receive money to/from each other. The project has its own shopping cart and a kind of social network created with several pre-defined vulnerabilities in mind.

«Shlyapa-Pay» was used in a game held during the International forum «Cybersecurity: Ukraine and the world» and then, after fixing all the vulnerabilities and adding new ones, was part of a game at the Cybersecurity Olympiad «HackIT-2015».

Role:
Full-Stack developer, Game-Master's assistant during 2 CTF games.
Responsibilities:
Creating back-end, front-end; integrating free design, admin page; protecting the application from all possible security issues except pre-defined ones. Creating an ActiveMerchant payment processor that can be integrated into a Shopping Cart. Configuring and optimising web and SQL servers; monitoring services and applications during the games.
Languages:
Ruby 2.2, JavaScript
Frameworks/Libs:
Padrino, jQuery, Bootstrap
Other technologies:
SASS, Haml, ActiveRecord, ActiveMerchant, Devise, Upmin, Faker
Status:
«Shlyapa-Pay» is offline now due to the nature of applications created for CTF games.

MyBestDate.xyz - dating website for a CTF game

«MyBestDate» is a fake dating website created for a CTF (Capture The Flag security game) organised for UISGCon 11 (2015) - a Ukrainian InfoSec conference held by the Non-Government Organisation «Ukrainian Information Security Group».

This dating website had no real users or profiles and was created with several pre-defined vulnerabilities that allowed researchers to get flags and proceed with the next part of the hacking game. It has integrated chat and rating systems to allow gamers to use their skills on a system close to real ones.

Role:
Full-Stack developer, second Game-Master
Responsibilities:
Creating back-end, front-end; integrating free design, admin page; protecting the application from all possible security issues, except pre-defined ones; configuring and optimising web and SQL servers; monitoring services and applications during the games.
Languages:
Ruby 2.2, JavaScript
Frameworks/Libs:
Ruby on Rails 4.2, jQuery, Bootstrap
Other technologies:
SASS, Haml, PostgreSQL, Faker, CarrierWave, Devise, Administrate
Status:
Archived after the CTF's end.

FindMeGetMe.xyz - fake dating service

«FindMeGetMe» is a fake dating website with an API for a mobile application, created for a CTF (Capture The Flag hacking game) organised for UISGCon 11 (2015) - a Ukrainian InfoSec conference held by the Non-Government Organisation «Ukrainian Information Security Group».

This fake dating website was created for security enthusiasts and had no real users or profiles. It was created with pre-defined vulnerabilities related to Redis and Sockets. I used a free design and added a vulnerable Rack application that gets photos from the Redis service using Sockets technology.

Role:
Full-Stack developer, second Game-Master
Responsibilities:
Creating back-end; integrating free design; configuring and optimising web and Redis servers; monitoring services and the application during the games. Creating an API for a mobile app.
Languages:
Ruby 2.2
Frameworks/Libs:
Sinatra
Other technologies:
Redis
Status:
Archived after the CTF's end.

«FindMeGetMe» mobile application

«FindMeGetMe» is a fake dating website with an API for a mobile application, created for a CTF (Capture The Flag hacking game) organised for UISGCon 11 (2015) - a Ukrainian InfoSec conference held by the Non-Government Organisation «Ukrainian Information Security Group».

This is a multiplatform iOS and Android mobile application that connects to FindMeGetMe.xyz to get information about fake accounts through the API. The application had several functions to hide the server it was connected to, obfuscating its JS code.

Role:
Full-Stack developer, second Game-Master
Responsibilities:
Creating and releasing the app, adding the API required for the app.
Languages:
JavaScript
Frameworks/Libs:
React Native 0.15
Other technologies:
Status:
Archived after the CTF's end.