Design Flaws - Scenario One and Fix

Alli-Balogun Faruq
Feb 8, 2019 · 3 min read

Last week we published an article in which we promised to tell you how to avoid design flaws. We did, but a lot of you think we didn't. There have been some requests for an in-depth explanation and a closer look at individual scenarios, including my own experiences.

Design flaws come in many kinds and cannot all be summarised in a 6-paragraph article, so we will be addressing some of the popular flaws and their possible fixes, which may include database structure suggestions, code, etc.

P.S. This article is meant for absolute beginners who know nothing about software development; this series of articles is meant to bring their minds into the developer's environment.

Having said that.

Hello guys👋! Alli-Balogun Faruq here from Node Shack. Let's get down to business, guys. We all love to spend time on the internet doing different things. Some of us spot flaws by accident, some of us always keep an eye out for flaws (for the reward, baby!) and some just never spot flaws.

Image 1 - Gotten from Intel Bug Bounty reward

On the 1st of January 2019, while I was on the internet, I decided to invest in an amazing Bootstrap administration theme. It being a festive period, I was given a gift (another theme), which I had to select from a list of all the products on the platform. Guess what? I was able to exploit their flaw and got 5 different themes worth 85 USD each for free, which I reported, and I got a great reward.

Now you are asking how I was able to get the themes for free:

  • I made a purchase
Image 2 - This is what is happening

You're asking why?! It's obvious: the redeemed gifts are not being tracked. The gift needs to be tied to the user and to the purchased product.

Image 3 — This is what is meant to happen

Looking at image 3, if I redeem the gift on one tab, I won't be able to redeem it on the other tabs, because my gift redemption status for the particular product I bought will be set to 'redeemed'. Any other attempt will be returned with an error letting me know the gift has already been redeemed. In image 2, as long as I am logged in and the gift button is active, I can redeem as many gifts as I want.
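As an added example (not the author's code and not the theme platform's), here is the image 2 design beside the image 3 design in Python: an in-memory purchases table stands in for the database, the redemption flag lives on the purchase row, and a lock stands in for the database's atomic update so several tabs submitting at once cannot all succeed. The store layout, function names and the sample purchase are assumptions.

```python
import threading
from dataclasses import dataclass

# Constructed in-memory stand-in for a purchases table. The gift_redeemed
# flag sits on the purchase row, so a gift is tied to one user AND one
# bought product, which is the image 3 design.
@dataclass
class Purchase:
    purchase_id: int
    user_id: int
    product: str
    gift_redeemed: bool = False

class GiftStore:
    def __init__(self):
        self.purchases = {}        # purchase_id -> Purchase
        self.redeemed_gifts = []   # (user_id, gift) rows handed out
        self._lock = threading.Lock()

    def redeem_flawed(self, user_id, gift):
        # Image 2 behaviour: the only checks are "logged in" and "button
        # active"; nothing records that this user already redeemed.
        self.redeemed_gifts.append((user_id, gift))
        return "ok"

    def redeem_fixed(self, user_id, purchase_id, gift):
        # Image 3 behaviour: the gift belongs to one purchase of one user
        # and its status flips to 'redeemed' exactly once. The lock plays
        # the role of the database's atomic check-and-update so two tabs
        # submitting at the same moment cannot both get the gift.
        with self._lock:
            p = self.purchases.get(purchase_id)
            if p is None or p.user_id != user_id:
                return "error: no such purchase for this user"
            if p.gift_redeemed:
                return "error: gift has already been redeemed"
            p.gift_redeemed = True
            self.redeemed_gifts.append((user_id, gift))
            return "ok"

def simulate_tabs(store, user_id, purchase_id, gift, tabs=5):
    """Open several browser 'tabs' that all submit the fixed redeem at once."""
    results = []
    threads = [threading.Thread(
        target=lambda: results.append(store.redeem_fixed(user_id, purchase_id, gift)))
        for _ in range(tabs)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results
```

Five tabs hitting redeem_fixed for the same purchase get exactly one "ok" and four "already been redeemed" errors, while five calls to redeem_flawed hand out five gifts.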

It all comes down to planning! You want to build a platform? Write what you want to do on paper, then revise it and look for loopholes. After building, do some extensive testing; if you cannot get any testers, let your friends test for you. Do not rely on your own tests alone.

Don't forget to share with your friends. If you want to keep in touch with Node Shack, follow us on Twitter and Instagram @Node_shack. We will keep you updated with important news from the official NodeJS website, Node Shack challenges, the latest development tools, and interesting guides.
