X
Roman Rott's web projects' screenshots preview
Roman Rott's web projects' screenshots preview
Loading...
  1. Home
  2. Portfolio
  3. Ruby

Dynamic Application Red Team Simulation

For BSG using Ruby Rails JavaScript React

DARTS login page
* Internal project. Under the NDA

Berezha is an Application Security and Penetration Testing Company. DARTS is the platform that simplifies penetration tests, automates report generation, and integrates external data sources.

Role:
Full-stack developer
Responsibilities:
Implemented the whole architecture, starting from the application design in the AWS cloud stack, configuring CI/CD, creating API services and UI applications, finishing implementing own web-design and writing the documentations.
Languages:
Ruby, JavaScript
Frameworks/Libs:
React, Redux
Other technologies:
AWS, S3, IAM
Status:
Internal project. Is online and works as a part of BSG's workflow.

Website/Endpoint for one of The CTF task on the BruCON 0x0B (2019)

For Roman Rott using JavaScript

Website/Endpoint for one of The CTF task on the BruCON 0x0B (2019)
Screenshot of Website/Endpoint for one of The CTF task on the BruCON 0x0B (2019) Screenshot of Website/Endpoint for one of The CTF task on the BruCON 0x0B (2019) Screenshot of Website/Endpoint for one of The CTF task on the BruCON 0x0B (2019) Screenshot of BSG's twitter message on the BruCON 0x0B (2019)

BruCON 0x0B (2019) - the cyber security conference.

Role:
UI Developer
Responsibilities:
Assisted the CTF team with creating UI for a vulnerable website
Languages:
JavaScript
Other technologies:
Heroku
Status:
Archived
Archived version: heroku
Event: twitter.com

Website for «OWASP Ukraine 2019» cybersecurity conference

For Roman Rott using Ruby JavaScript

OWASP Ukraine 2019 website
Screenshot of OWASP Ukraine 2019 website Screenshot of OWASP Ukraine 2019 website - photos Screenshot of OWASP Ukraine 2019 website - about Screenshot of OWASP Ukraine 2019 website - gitlab

The 5th annual OWASP Ukraine 2019 - the biggest Ukrainian Application Security conference held under the aegis of OWASP Lviv, Kyiv, Dnipro and Kharkiv chapters.

Role:
Full-Stack developer.
Responsibilities:
I was working on the website: Design, content, images, structure
Configuring middleman, capistrano and CI/CD on GitLab to deploy static site on demand
SEO-optimization, performance optimization, configuring web server.
Languages:
Ruby 2.5, JavaScript
Frameworks/Libs:
MiddleMan - static site generator.
Other technologies:
HTML5, Haml
Status:
Online

Timers for «OWASP Ukraine» 2018 and 2019 conferences

For Roman Rott using Ruby JavaScript

OWASP Ukraine Conference timer admin
Screenshot of OWASP Ukraine Conference timer admin Screenshot of OWASP Ukraine Conference timer admin Screenshot of OWASP Ukraine Conference timer paused Screenshot of OWASP Ukraine Conference timer message Screenshot of OWASP Ukraine Conference timer message Screenshot of OWASP Ukraine Conference timer on the scene

OWASP Ukraine - the biggest Ukrainian Application Security conference held under the aegis of OWASP Lviv, Kyiv, Dnipro and Kharkiv chapters.

The application was created to show simple countdowns on the speakers' monitors to notify them about their timframes or to show short messages

Role:
Web developer.
Responsibilities:
Design, ui
Languages:
Ruby 2.5, JavaScript
Frameworks/Libs:
Padrino
Other technologies:
heroku
Status:
Online/Paused

Notification Engine

For Groupon using Ruby Rails

Groupon logo
* Internal project. Under the NDA

Groupon is an US e-commerce marketplace. I was working on their notification engine that handles reservation related notifications for Online Booking. It consists of a web server and a set of background workers to send messages and receive callbacks from the SMS/Calls service.

Role:
Back-end developer
Responsibilities:
Languages:
Ruby 2
Frameworks/Libs:
Ruby on Rails, Resque, Redis, Groupon-specific services/APIs
Status:
Internal Groupon's project. Under the NDA

Cater2.me applications and infrastructure

For Cater2.me using Ruby Rails JavaScript React

Cater2.me main page
Screenshot of Cater2.me main page Screenshot of Cater2.me main page
* Internal projects. Under the NDA

Cater2.me provides customizable catering solutions for offices. They allow companies to order food from local vendors, letting their employees customize and set the meal schedule. Team admins can segment the team into different groups and track order details.

Project includes Admin app and API, 2 versions of Client Apps, Group Ordering App, Vendor App, Operators Interface, Finance App and several internal gems and js/node libs.

Role:
Full-stack developer
Responsibilities:
Maintained the website, several internal applications, applications for clients, vendors and operators, maintained admin console.
Prepared and held internal penetration test(both, black-box and white-box).
Languages:
Ruby, CoffeeScript, JavaScript, TypeScript
Frameworks/Libs:
React, Redux, Svelte, Rails
Other technologies:
Heroku, Node
Status:
Internal projects. Are online and work as a part of Cater2.me's infrastructure.

Callback system

For Enova using Ruby Rails JavaScript

Enova logo
* Internal project. Under the NDA

Large enterprise project in financial sphere intended to optimize business processes of the loan company.

Role:
Team Lead.
Responsibilities:
Code reviews, estimating and allocating resources.
Decision-making and negotiating.
Writing new and refactoring legacy code.
Languages:
Ruby, JavaScript
Status:
Internal project. Is online and works as a part of Enova's products.

Dabble

For Dabble.co using Ruby Rails

Dabble.co main page
Screenshot of Dabble.co main page Screenshot of Dabble.co host a class page Screenshot of Dabble.co class page

Dabble is an online community marketplace for people to discover, teach and host unique and affordable one-time classes. Was working mostly on UI parts of the app using JS and CoffeeScript.

I was working on migrating from old SSO to a new one, refactored and removed legacy code, optimizing and performance enhancement. Implemented new features and products.

Role:
Front-end, Back-end developer
Responsibilities:
Languages:
Ruby, CoffeeScript
Frameworks/Libs:
Ruby on Rails, Trailblazer, Cells, Roar, ActiveAdmin, jQuery
Testing Frameworks:
Rspec
Status:
Online.

Chairlift(Better Feedback)

For Sphere Inc using Ruby Rails React JavaScript

Chairlift(Better Feedback) dashboard
Screenshot of Chairlift(Better Feedback) dashboard Screenshot of Chairlift(Better Feedback) company page Screenshot of Chairlift(Better Feedback) main page Screenshot of Chairlift(Better Feedback)

Chairlift is a modern, cloud based HR solution that elevates employee performance and provides HR professionals with the insight to nourish workplace culture. It is an internal Sphere project I worked as a part of remote team.

Role:
Front-end, Back-end developer
Responsibilities:
Implemented several UI parts/features of the application using React, Redux and ES6. Worked on back-end entities.
Languages:
Ruby 2, ES6
Frameworks/Libs:
Ruby on Rails 4.2, React+Redux
Testing Frameworks:
Rspec, Factory Girl
Other technologies:
JSON, postgreSQL
Status:
Online.

Chairlift Expenses

For Sphere Inc using Ruby Rails React JavaScript

Chairlift Expenses
* Internal project. Under the NDA.

Chairlift Expenses is an internal Sphere’s project for handling company's expenses. I was working on it starting from the initial proposal, planning and designing architecture and finishing implementing both front and back-ends of the project. Switched to another roject befor this one ended.

Role:
Team Lead
Responsibilities:
Code reviews, estimating and allocating resources, writing stories. Decision-making and negotiating, communicating with the project owner.
Writing code, making architectural decisions.
Languages:
Ruby 2, ES2016
Frameworks/Libs:
Ruby on Rails 5, React, Redux
Testing Frameworks:
Rspec
Status:

IraRott.com - online store of knit and crochet patterns

For Roman Rott using Ruby JavaScript

IraRott.com - Performance
Screenshot of IraRott.com - Performance Screenshot of IraRott.com - online store of knit and crochet patterns Screenshot of front-end of IraRott.com website - pattern page Screenshot of front end of IraRott.com website - List of patterns in category Screenshot of admin page of IraRott.com Screenshot of Patterns' admin page on IraRott.com Screenshot of Category admin page on IraRott.com Screenshot of Seo options on the admin page of IraRott.com Screenshot of Seo checkers on the admin page of IraRott.com Screenshot of Digital Ocean panel of IraRott.com Screenshot of Digital Ocean panel of IraRott.com

Ira Rott is a Knit & Crochet Designer living in Southern Ontario, Canada. This website is her online shopping cart for selling digital material (pdf files with patterns).

This is the second version with a lot of design changes and updates in the admin panel, new built-in SEO tools. It was refactored and optimised in order to run in the dockerised environment

There are hundreds paid and dozens free pdf patterns on the site, that can be downloaded and used by masters around the world. Additionally, it has Ira's portfolio and integration with Etsy system.

Website is a kind of CMS that has almost everything customizable using admin page, beginning with adding new patterns, portfolios, creating standalone pages, categories etc and ending with changing all SEO-related parameters of this website.

Role:
Full-Stack developer. Remote developer
Responsibilities:
Creating back-end and front-end, admin page, application design
web-design, SEO-optimisation
site migration, support current features and monitoring website's state.
Languages:
Ruby 2.4, JavaScript
Frameworks/Libs:
Padrino, Jquery
Other technologies:
Docker, SASS, Haml, ActiveRecord, Carrierwave, Poltergeist, Selenium, JSON, Sprockets, Nginx, PostgreSQL
Status:
Online

IraRott.com - old version of this online store of knit and crochet patterns

For Roman Rott using Ruby JavaScript

IraRott.com - online store of knit and crochet patterns
Screenshot of IraRott.com - online store of knit and crochet patterns Screenshot of front-end of IraRott.com website - pattern page Screenshot of front end of IraRott.com website - List of patterns in category Screenshot of admin page of IraRott.com wrote on ruby language Screenshot of Category admin page wrote using ruby language Screenshot of back-end of IraRott.com - newrelic stats

Ira Rott is a Knit & Crochet Designer living in Southern Ontario, Canada. This website is her online shopping cart for selling digital material (pdf files with patterns).

There are hundreds paid and dozens free pdf patterns on the site, that can be downloaded and used by masters around the world. Additionally, it has Ira's portfolio and integration with Etsy system.

Website is a kind of CMS that has almost everything customizable using admin page, beginning with adding new patterns, portfolios, creating standalone pages, categories etc and ending with changing all SEO-related parameters of this website.

Role:
Full-Stack developer. Remote developer
Responsibilities:
Creating back-end and front-end, admin page, application design
design, SEO-optimisation
configuring and optimization of the web, SQL servers, site migration, support current features and monitoring website's state.
Languages:
Ruby 2.1, JavaScript, CoffeeScript
Frameworks/Libs:
Padrino, Jquery
Other technologies:
SASS, Haml, ActiveRecord, Carrierwave, Poltergeist, Selenium, JSON, Newrelic, Sprockets, Nginx, PostgreSQL, Capistrano
Status:
Archived

Cloud Hosting control panel

For Ecommerce.com using Ruby Rails JavaScript

Cloud hosting control panel web application
Screenshot of Cloud hosting control panel web application Screenshot of Dashboard of web application for Cloud hosting Screenshot of Adding new servers to cloud hosting web applications Screenshot of Cloud hosting panel with list of web-servers Screenshot of Biiling page integrated into cloud hosting web application Screenshot of control Cloud hosting iso images Screenshot of Cloud hosting control panel. Events list Screenshot of List of ips for web developers Screenshot of Launch server pop-up

Cloud by IX is a Cloud Hosting service created for system and database administrators, web developers, resellers, hosting professionals and business infrastructure. An entire business can literally be operated within a single Cloud by IX product. Service is integrated into IXWebhosting.com and CloudByIX.com hosting brands.

Current project is a Single Page JavaScript Application that integrates CloudStacks into current manage panel of Ecommerce.com's brands. Application has Ruby on Rails and Sinatra on back-end and backbone.js on front-end

Role:
Full-Stack developer. Member of a team of front end developers, BAs, PMs, admins, etc. This product was developed and released using Agile methodology.
Responsibilities:
As a part of the team: Creating UI that integrates current control panel with CloudStack. Design of some UI components. Adapting SOAP API interface to JSON and vise verse. Supporting released features, updating functionality as it was required by MVP and Agile methodologies. Security enthusiast
Languages:
Ruby 1.9.7 and 2.1.3, CoffeeScript
Frameworks/Libs:
Ruby on Rails 4.0, Sinatra, Backbone.js 1.1, Marionette.js, jQuery
Testing Frameworks:
Rspec 3.2, Capybara, Jasmine, VCR, site_prism.vcr
Other technologies:
Capistrano, SASS, ROM, Guard, Node, Faye
Status:
Acquired by BlueHost.

rrott.com - current website-portfolio

For Roman Rott using Ruby JavaScript

rrott.com - web developer portfolio and blog about web application security
Screenshot of rrott.com - web developer portfolio and blog about web application security Screenshot of Roman Rott - full stack developer, security enthusiast Screenshot of Web developer portfolio of Roman Rott

My own website with blog and portfolio. The Website includes basic information about myself, my projects, my contact information and blog post related to web-development and security researches.

Role:
Full-Stack developer. Security enthusiast
Responsibilities:
Creating back-end, front-end, design, SEO-optimization, performance optimization, configuring web server.
Languages:
Ruby 2.2, CoffeeScript
Frameworks/Libs:
MiddleMan - static site generator.
Other technologies:
HTML5, Haml, Pure, HTTP/2, WebP
Status:
Online
Website: rrott.com
Portfolio: /portfolio
Blog: /blog

Shlyapa-Pay.info - payment system for CTF games

For Roman Rott using Ruby JavaScript

Fake payment system for CTF security game
Screenshot of Fake payment system for CTF security game Screenshot of Main website of the hacking game's payment system Screenshot of List of plans of the payment system for hacking games Screenshot of Captcha with security issues to allow researchers to hack into the system Screenshot of List of falke users of the payment system created for security researches

«Shlyapa-Pay» is a fake payment system created for a CTF(Capture The Flag hacking game) held by «Berezha Security».

This payment system has its own website, blog, integration with ActiveMerchant as a fake payment processing. It behaves almost the same way as a common payment systems like PayPal or WebMoney allowing users to send and receive costs to/from each other. The project has its own shopping cart and kind of social network created with several pre-defined vulnerabilities in mind.

«Shlyapa-Pay» was used in game held during International forum «Cybersecurity: Ukraine and the world» and then, after fixing all the vulnerabilities and adding new ones, was a part of a game at the Cybersecurity Olympiad «HackIT-2015»

Role:
Full-Stack developer, Game-Master's assistant during 2 CTF games.
Responsibilities:
Creating back-end, front-end, integrating free design, admin page, protecting the application from all possible security issues except pre-defined ones. Creating ActiveMerchant payment processor that can be integrated into a Shopping Cart. Was configuring and optimising web, SQL servers, monitoring services and applications during the games.
Languages:
Ruby 2.2, Javascript
Frameworks/Libs:
Padrino, Jquery, Bootstrap
Other technologies:
SASS, Haml, ActiveRecord, ActiveMerchant, Devise, Upmin, Faker
Status:
«Shlyapa-Pay» is offline now due to the nature of applications created for CTF games.

MyBestDate.xyz - dating website for a CTF game

For Roman Rott using Ruby Rails JavaScript

website for CTF hacking game. Payment page
Screenshot of website for CTF hacking game. Payment page Screenshot of Main page of website created for CTF security game Screenshot of List of users to hack generated for the researchers Screenshot of User page that has bugs needed for a white hat hacker Screenshot of Chat with bugs needed for a security enthusiast Screenshot of Add profile page, ethical hacking

«MyBestDate» is a fake Dating website created for a CTF(Capture The Flag security game) organised for UISGCon 11(2015) - Ukrainian InfoSec conference held by Non-Government Organisation «Ukrainian Information Security Group»

This Dating website had no real users or profiles and was created with several pre-defined vulnerabilities that allowed researchers to get flags and proceed with the next part of the hacking game. It has integrated chat and rating systems to allows gamers to use their skills on a system close to real ones.

Role:
Full-Stack developer, second Game-Master
Responsibilities:
Creating back-end, front-end; integrating free design, admin page; protecting application from all possible security issues, except pre-defined ones; configuring and optimising web, SQL servers; monitoring services and applications during the games.
Languages:
Ruby 2.2, Javascript
Frameworks/Libs:
Ruby on Rails 4.2, Jquery, Bootstrap
Other technologies:
SASS, Haml, PostgreSQL, Faker, CarrierWave, Devise, Administrate
Status:
Archived after the CTF's end.

Ordering wizard for Cloud product on CloudByIx.com and IxWebhosting.com

For Ecommerce.com using Ruby JavaScript

First step of Ordering Wizard - a single page web application
Screenshot of First step of Ordering Wizard - a single page web application Screenshot of Second step of Ordering Wizard - a single page web application Screenshot of Last step of Ordering Wizard - a single page web application

IXwebhosting.com and CloudByIX.com are hosting services that provide cloud hosting product for their customers. This project is an integrated Single Page Application that allows to pre-configure and bye cloud product without using external payment services.

Role:
Full-Stack developer. Member of a team of front and back-end developers, BAs, PMs, admins, etc. This product was developed and released using Agile methodology.
Responsibilities:
As a part of the team: creating UI that integrates SOAP API interface with control panel and CloudStack that uses JSON. Supporting released features, updating functionality as it was required by MVP and Agile methodologies.
Languages:
Ruby 2.1.3, CoffeeScript
Frameworks/Libs:
Sinatra, Backbone.js, jQuery, Ruby on Rails 4.0
Testing Frameworks:
Rspec 3.2, Capybara, Jasmine, VCR, site_prism.vcr
Other technologies:
Capistrano, SASS, ROM
Status:
Acquired by BlueHost.

Landing pages for IxWebhosting.com and HostExcellence.com

For Ecommerce.com using Ruby Rails JavaScript

Hacker Shiield landing page about web application security
Screenshot of Hacker Shiield landing page about web application security Screenshot of Landing page of Site Builder - service for web developers Screenshot of Ruby on rails website with popup Screenshot of ruby rails website with 'thank you' popup Screenshot of Landing page of Domain Club - proposition for full stack developers Screenshot of Thank you landing page of the hosting company

IXwebhosting.com and HostExcellence.com are hosting brands that have a lot of products including shared, cloud and VPS hostings, domain and SSL registrations, Site Builders and Design services, etc.

This project contains pop-ups and bunch of landing pages for current and pre-sales products that give the company an opportunity to sale a product using one-click purchase tool or Opt-In for a new project that is not yet released.

Role:
Front-end developer
Responsibilities:
Integrating design with current API and Hosting Control panel, adding code needed for One-Click purchase tool.
Languages:
Ruby 2.1.3, CoffeeScript
Frameworks/Libs:
Ruby on Rails 4.0, jQuery
Testing Frameworks:
Rspec 3.2, Capybara, Jasmine
Other technologies:
SASS, Faye, JSON
Status:
Acquired by BlueHost.

FindMeGetMe.xyz - fake dating service.

For Roman Rott using Ruby

front-end of a CTF site with images served using Sockets
Screenshot of front-end of a CTF site with images served using Sockets Screenshot of FindMeGetMe CTF site. web application for a white hat hacker Screenshot of FindMeGetMe CTF site. Api part of site Screenshot of FindMeGetMe CTF site. back-end with sockets Screenshot of FindMeGetMe CTF site. web application's source code Screenshot of FindMeGetMe CTF site. web application's back-end source code

«FindMeGetMe» is a fake Dating website with an API for mobile application created for the CTF(Capture The Flag hacking game) organised for UISGCon 11(2015) - Ukrainian InfoSec conference held by Non-Government Organisation «Ukrainian Information Security Group»

This Fake Dating website was created for security enthusiasts and had no real users or profiles. It was created with a pre-defined vulnerabilities related to Redis and Sockets. I used a Free design and added vulnerable Rack application that gets photos from Redis service using Sockets technology.

Role:
Full-Stack developer, second Game-Master
Responsibilities:
Creating back-end, integrating free design, configuring and optimising web, Redis servers, monitoring services and the application during the games. Creating API for a mobile app.
Languages:
Ruby 2.2
Frameworks/Libs:
Sinatra
Other technologies:
Redis
Status:
Archived after the CTF's end.