Skip to content

Latest commit

 

History

History
436 lines (354 loc) · 12.2 KB

README.md

File metadata and controls

436 lines (354 loc) · 12.2 KB

Logo

BondoMan

Tubes 1 of Platform-Based Application Development (IF2211)

Table of Contents
  1. About The Project
  2. How to Use?
  3. Author


About The Project

Logo

Tubes 1 of Tubes 1 of Platform-Based Application Development (IF2211). A financial management app to track income, expense, and saving transactions.

Specification

  • Navigation
    • Header
    • Bottom navigation bar
  • Authentication
    • Login
    • Background service that checks JWT expiration
    • Logout
  • Transaction CRUD
    • View transaction details including its location using Google Maps
    • Add new transaction with automated date and location data
    • Update transaction
    • Delete transaction
  • List of transactions
    • Transaction data are stored locally in a Room database
    • View all transactions as transaction list
    • Overall statistics including balance, cashflow, and growth
    • Display list using recycler view for optimization
  • Bill scan
    • Add a new transaction entry by capturing a physical bill using a android's camera (Dummy OCR)
  • Graphs
    • Statistics are represented by graphic charts
    • The statistics include total income, expenses, and savings within each period of time, displayed using line charts
  • Export
    • Transaction data can be exported into a spreadsheet with the format of .xlsx or .xls
  • Share
    • Transaction data can be shared through GMail as a spreadsheet file with the format of .xlsx or .xls
  • Network sensing
    • Bondoman uses semi-online system that lets user use the app without having to be always connected to the internet
    • Bondoman can detect current network status and alert the user if internet connection is unavailable
  • Broadcast receiver
    • Preferences settings includes randomize transaction to set a random initial data whenever user add a new transaction
  • Profile
    • [BONUS] User can customize their profile, including profile picture with optional twibbon overlay
  • Security
    • [BONUS] OWASP analysis


Built with

Tech stack

  • Kotlin

Libraries

  • Jetpack Compose
  • KSP
  • Dagger Hilt
  • Safe Args
  • Life Cycle
  • Retrofit
  • Moshi
  • OkHTTP3
  • Room
  • CameraX
  • AndroidMP
  • GMS
  • POI


OWASP Analysis

OWASP analysis is a security analysis that is used to identify the security risks in an application. The analysis is based on the OWASP Top 10, which is a list of the 10 most critical security risks in web applications. The analysis is performed by scanning the application for vulnerabilities and then reporting on the findings. The goal of the analysis is to identify and fix any security risks in the application before they can be exploited by attackers.

in this project we will analyze:

  1. Insufficient Input/Output Validation
  2. Security Misconfiguration
  3. Insecure Data Storage

Let's start the analysis!

1. Insufficient Input/Output Validation

Insufficient input/output validation is a security risk that occurs when an application does not properly validate user input or output. This can lead to a variety of security risks, including injection attacks, cross-site scripting, and other vulnerabilities. To mitigate this risk, it is important to validate all user input and output to ensure that it is safe and secure. in this part i will make an example of insufficient input/output validation with the following part below:

a. Injections

we will make an example with fill the email and password with "1'or'1'='1" to show all user that registered in the application.

API will response some issue that inform the email and password is invalid and the user can't login to the application. without appearing all user that registered in the application.

b. improper or no input validation

in this part we will not filling anything in page new transaction and click the button "Add Transaction" to show the error message that inform the user to fill the form.

the application will show toast message that inform the user to fill the form and the application still running and not crash.

2. Security Misconfiguration

Security misconfiguration is a security risk that occurs when an application is not properly configured to protect against security threats. This can include things like default passwords, unnecessary services, and other configuration issues that can be exploited by attackers. To mitigate this risk, it is important to ensure that the application is properly configured and that all security settings are up to date.

In this part i will make an example of security misconfiguration about make an necessary permission to access the camera and location in the application.

in this application the user should give the permission to access the camera and location to use the feature in the application. if the user not give the permission the application will not run the feature that need the permission.

so for what is the feature that need the permission, its because to ensure the user data is safe and secure. the application will not access the camera and location without the user permission.

3. Insecure Data Storage

Insecure data storage is a security risk that occurs when an application does not properly store sensitive data. This can include things like storing passwords in plain text, using weak encryption, or not properly securing data at rest. To mitigate this risk, it is important to ensure that all sensitive data is properly encrypted and stored securely.

In this application that have 2 important data that need to be stored securely, it is email and token JWT. the email and token JWT will be stored in root directory with random name and encrypted with RSA encryption by keystore. so the token and the email will be stored securely and can't be accessed by other application without key.

if the user fill something in the email and token file application will denied the access to the file and the application will not crash, but it will go to login page instead.

like this example below:

and the application will response like this:



How To Use

1. Login


2. View transaction list


3. Add new transaction


4. View transaction detail


5. Edit transaction detail


6. Delete transaction


7. Scan bill


8. View statistics


9. Settings



Author

NIM Name
10023509 M. Surya Dharma Khazinatul Azror
13521019 Ditra Rizqa Amadia
13521005 Bernardus Willson
13521005 Fahrian Afdholi
Task item Contributors
Design Ditra Amadia
Surya Azror
Splash screen page Surya Azror
Login page Bernardus Willson
Navigation components Ditra Amadia
Transaction page Ditra Amadia
Bernardus Willson
Fahrian Afdholi
Transaction details page Bernardus Willson
Scan page Bernardus Willson
Add trasaction page Bernardus Willson
Statistics page Ditra Amadia
Bernardus Willson
Settings page Ditra Amadia
Bernardus Willson
Fahrian Afdholi
Profile page Ditra Amadia
Bernardus Willson
Authentication Fahrian Afdholi
Navigation Ditra Amadia
Bernardus Willson
Fahrian Afdholi
Transaction list Bernardus Willson
Fahrian Afdholi
Create transaction Bernardus Willson
Fahrian Afdholi
View transaction detail Bernardus Willson
Fahrian Afdholi
Edit transaction detail Bernardus Willson
Fahrian Afdholi
Delete transaction Bernardus Willson
Fahrian Afdholi
Bill scanning Bernardus Willson
Fahrian Afdholi
Statistics Bernardus Willson
Edit profile Ditra Amadia
Bernardus Willson
Export data Fahrian Afdholi
Share data Fahrian Afdholi
Randomize data Fahrian Afdholi
End To End Testing Surya Azror
Documentation Ditra Amadia
OWASP Analysis Fahrian Afdholi