Roman Rott's web projects' screenshots preview

Dynamic Application Red Team Simulation

DARTS login page
* Internal project. Under the NDA

Berezha is an Application Security and Penetration Testing Company. DARTS is the platform that simplifies penetration tests, automates report generation, and integrates external data sources.

Role:
Full-stack developer
Responsibilities:
Implemented the whole architecture, starting from the application design in the AWS cloud stack, configuring CI/CD, creating API services and UI applications, and finishing with implementing my own web design and writing the documentation.
Languages:
Ruby, JavaScript
Frameworks/Libs:
React, Redux
Other technologies:
AWS, S3, IAM
Status:
Internal project. Is online and works as a part of BSG's workflow.

Website/Endpoint for one of the CTF tasks at BruCON 0x0B (2019)

BruCON 0x0B (2019) - the cyber security conference.

Role:
UI Developer
Responsibilities:
Assisted the CTF team with creating UI for a vulnerable website
Languages:
JavaScript
Other technologies:
Heroku
Status:
Archived
Archived version: heroku
Event: twitter.com

Website for «OWASP Ukraine 2019» cybersecurity conference

The 5th annual OWASP Ukraine 2019 - the biggest Ukrainian Application Security conference held under the aegis of OWASP Lviv, Kyiv, Dnipro and Kharkiv chapters.

Role:
Full-Stack developer.
Responsibilities:
I was working on the website: Design, content, images, structure
Configuring middleman, capistrano and CI/CD on GitLab to deploy static site on demand
SEO-optimization, performance optimization, configuring web server.
Languages:
Ruby 2.5, JavaScript
Frameworks/Libs:
MiddleMan - static site generator.
Other technologies:
HTML5, Haml
Status:
Online

Timers for «OWASP Ukraine» 2018 and 2019 conferences

OWASP Ukraine - the biggest Ukrainian Application Security conference held under the aegis of OWASP Lviv, Kyiv, Dnipro and Kharkiv chapters.

The application was created to show simple countdowns on the speakers' monitors to notify them about their timeframes or to show short messages.

Role:
Web developer.
Responsibilities:
Design, UI
Languages:
Ruby 2.5, JavaScript
Frameworks/Libs:
Padrino
Other technologies:
Heroku
Status:
Online/Paused

Website for «NoNameCon 2019» cybersecurity conference

The 2nd annual NoNameCon - a 100% community-built practical cyber security conference.

Role:
Full-Stack developer.
Responsibilities:
I was working on the website: Design, content, images, structure
Configuring middleman, capistrano and CI/CD on GitLab to deploy static site on demand
SEO-optimization, performance optimization, configuring web server.
Languages:
Ruby 2.5, JavaScript
Frameworks/Libs:
MiddleMan - static site generator.
Other technologies:
HTML5, Haml
Status:
Archived
Archived version: 2019.nonamecon.org
Current website: nonamecon.org

Callback system

Enova logo
* Internal project. Under the NDA

Large enterprise project in the financial sphere intended to optimize the business processes of a loan company.

Role:
Team Lead.
Responsibilities:
Code reviews, estimating and allocating resources.
Decision-making and negotiating.
Writing new and refactoring legacy code.
Languages:
Ruby, JavaScript
Status:
Internal project. Is online and works as a part of Enova's products.

Chairlift (Better Feedback)

Chairlift is a modern, cloud-based HR solution that elevates employee performance and provides HR professionals with the insight to nourish workplace culture. It is an internal Sphere project I worked on as part of a remote team.

Role:
Front-end, Back-end developer
Responsibilities:
Implemented several UI parts/features of the application using React, Redux and ES6. Worked on back-end entities.
Languages:
Ruby 2, ES6
Frameworks/Libs:
Ruby on Rails 4.2, React+Redux
Testing Frameworks:
Rspec, Factory Girl
Other technologies:
JSON, PostgreSQL
Status:
Online.

Chairlift Expenses

* Internal project. Under the NDA.

Chairlift Expenses is an internal Sphere project for handling the company's expenses. I was working on it starting from the initial proposal, planning and designing the architecture, and finishing with implementing both the front and back ends of the project. Switched to another project before this one ended.

Role:
Team Lead
Responsibilities:
Code reviews, estimating and allocating resources, writing stories. Decision-making and negotiating, communicating with the project owner.
Writing code, making architectural decisions.
Languages:
Ruby 2, ES2016
Frameworks/Libs:
Ruby on Rails 5, React, Redux
Testing Frameworks:
Rspec
Status:

Shlyapa-Pay.info - payment system for CTF games

«Shlyapa-Pay» is a fake payment system created for a CTF (Capture The Flag hacking game) held by «Berezha Security».

This payment system has its own website, blog, and integration with ActiveMerchant as a fake payment processor. It behaves almost the same way as common payment systems like PayPal or WebMoney, allowing users to send and receive costs to/from each other. The project has its own shopping cart and a kind of social network created with several pre-defined vulnerabilities in mind.

«Shlyapa-Pay» was used in a game held during the International forum «Cybersecurity: Ukraine and the world» and then, after fixing all the vulnerabilities and adding new ones, was a part of a game at the Cybersecurity Olympiad «HackIT-2015».

Role:
Full-Stack developer, Game-Master's assistant during 2 CTF games.
Responsibilities:
Creating back-end, front-end, integrating free design, admin page, protecting the application from all possible security issues except pre-defined ones. Creating ActiveMerchant payment processor that can be integrated into a Shopping Cart. Was configuring and optimising web, SQL servers, monitoring services and applications during the games.
Languages:
Ruby 2.2, JavaScript
Frameworks/Libs:
Padrino, jQuery, Bootstrap
Other technologies:
SASS, Haml, ActiveRecord, ActiveMerchant, Devise, Upmin, Faker
Status:
«Shlyapa-Pay» is offline now due to the nature of applications created for CTF games.

«FindMeGetMe» mobile application

«FindMeGetMe» is a fake dating website with an API for a mobile application created for a CTF (Capture The Flag hacking game) organised for UISGCon 11 (2015) - a Ukrainian InfoSec conference held by the Non-Government Organisation «Ukrainian Information Security Group» (UISG).

This is a mobile iOS and Android multiplatform application that connects to FindMeGetMe.xyz to get information about fake accounts through the API. The application had several functions to hide the server it was connected to, obfuscating its JS code.

Role:
Full-Stack developer, second Game-Master
Responsibilities:
Creating and releasing the app, adding API required for the app.
Languages:
JavaScript
Frameworks/Libs:
React Native 0.15
Other technologies:
Status:
Archived after the CTF's end.

grunt-coffee-chain - grunt plugin

Front-end of grunt-coffee-chain's website
* Project's homepage was generated by GitHub Pages

It is a grunt plugin inspired by Sprockets to compile CoffeeScript files that have Sprockets-style comments to indicate dependencies. It allows web developers to write Sprockets-style comments in their CoffeeScript files to indicate dependencies, e.g.

#= require main
#= require_tree lib

This ruby gem is written in CoffeeScript but it compiles itself to JavaScript using the previous version of itself.

Role:
JavaScript developer
Responsibilities:
Full-Stack developer
Languages:
CoffeeScript, JavaScript
Frameworks/Libs:
Node.js 0.10.15
Other technologies:
Grunt 0.4, Sprockets, Snockets
Status:
Archived