
Hello,

Check out https://driving.ecitizen.go.ke/ and if possible give them feedback.

Regards,
======================
Andrew Wafula Wapakala
Web: www.wertsoft.com
Blog: http://thewert.blogspot.com/
==========================================================================
If you have made mistakes...there is always another chance for you... you may have a fresh start any moment you choose, for this thing we call 'failure' is not the falling down, but the staying down. - Mary Pickford
"Great Minds Discuss Ideas; Average Minds Discuss Events; Small Minds Discuss People"

Hi,

Just had a quick look. I noticed:

1. Inconsistency of fonts, i.e. look at https://driving.ecitizen.go.ke/index.php?id=3 and https://driving.ecitizen.go.ke/index.php?id=2
2. Cleaning up of the URLs.

On the bright side: It works :-)

--
James M. Muendo
P.O Box 28016 - 00200, Nairobi.
Mobile: +254725 567 508
Skype: tim.rick | Twitter: @MMuendo | gtalk: timrick | Web: www.muendo.co.ke
<james@muendo.co.ke> <http://muendoshead.blogspot.com/>

_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
List info, subscribe/unsubscribe: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
Skunkworks Rules: http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
Other services @ http://my.co.ke

Make the URLs cleaner, e.g. instead of https://driving.ecitizen.go.ke/index.php?id=3, have https://driving.ecitizen.go.ke/eservices

While I am at https://driving.ecitizen.go.ke/index.php?id=3, the menu "eServices" is not highlighted.

https://driving.ecitizen.go.ke/ is the same page as https://driving.ecitizen.go.ke/index.php?id=1, yet in the latter, the "Home" menu is not highlighted.

I wouldn't use SSL for all pages, unless I have unlimited resources on the server side.

Interestingly, the "Contact Us" page has a nice URL, https://driving.ecitizen.go.ke/index.php/help/contact. I would get rid of the index.php all the same.

I suspect navigating to a non-existent page is throwing a fatal PHP error. This is both good and bad. Good because you have hidden PHP error messages. Bad because you do not have a custom 404 page.

At https://driving.ecitizen.go.ke/index.php/help/contact, I would make the form smaller and provide other contacts, e.g. physical contacts, telephone, fax, email, postal address etc.

Still at https://driving.ecitizen.go.ke/index.php/help/contact, in one of the page titles, there is a misplaced dash before the word "Contact Form".

The sign-up URL is interesting, https://account.ecitizen.go.ke/register?return_url=https://driving.ecitizen..... I would have had https://account.ecitizen.go.ke/register and then the return URL I store in the session.

Finally, deal with the basics!

1. Minify HTML, CSS and JS!
2. Tell your webserver to gzip content before sending!
3. Inline JavaScript is not such a good idea
4. Have proper meta tags!
5. Protect your directories!

--
Regards,
Peter Karunyu
-------------------
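
One way to implement the return-URL handling suggested in the message above (an added example, not code from the thread or from the eCitizen site): accept the target once, check it against an allow-list of hosts, keep it in the session, and redirect from there after registration. The function names and the allow-list contents are assumptions; the session is passed in as an array so the logic also runs from the command line.

```php
<?php
// Added example; function names and the allow-list are assumptions.
const ALLOWED_RETURN_HOSTS = ['driving.ecitizen.go.ke'];
// Return $url only if it is an absolute https URL on an allowed host.
function validated_return_url($url): ?string
{
    if (!is_string($url) || $url === '') {
        return null;                       // missing, or return_url[]=... array
    }
    $parts = parse_url($url);
    if ($parts === false || strtolower($parts['scheme'] ?? '') !== 'https') {
        return null;                       // malformed, relative, or not https
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;                       // no credentials in front of the host
    }
    $host = strtolower($parts['host'] ?? '');
    return in_array($host, ALLOWED_RETURN_HOSTS, true) ? $url : null;
}

// First hit on /register: move a valid target into the session.
function remember_return_url(array &$session, array $query): void
{
    $target = validated_return_url($query['return_url'] ?? null);
    if ($target !== null) {
        $session['return_url'] = $target;
    }
}

// After registration succeeds: pick the redirect target, use it once.
function post_register_redirect(array &$session, string $default): string
{
    $target = $session['return_url'] ?? $default;
    unset($session['return_url']);
    return $target;
}

// Constructed sample requests; in a web request pass $_SESSION and $_GET.
$home = 'https://driving.ecitizen.go.ke/';
$samples = [
    'https://driving.ecitizen.go.ke/index.php?id=3', // allowed host
    'https://unrelated.example/landing',             // host not on the list
    'http://driving.ecitizen.go.ke/',                // not https
];
foreach ($samples as $requested) {
    $session = [];
    remember_return_url($session, ['return_url' => $requested]);
    echo $requested, ' -> ', post_register_redirect($session, $home), PHP_EOL;
}
```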

Thanks Peter,

Forwarded to the relevant chaps.

Regards,
Andrew Wafula Wapakala

There are several vulnerabilities, especially when you go through https traffic. If there is any WAF, then it can't stop SSL hacking attempts. They need to try to assess that, especially if it will be storing government sensitive data.

These are the major risks:

Cyber Terrorism - An Al-Shabaab could easily get a document and move to Kenya, get employed and infiltrate into a serious facility.
Organized Crime - They can use this to make fake Identifications and Certs for a bigger operation on Kenyan soil.
Cyber Crime - Fraudsters and other cyber thieves will definitely use this if a Security Test is not effectively done soon.

--
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
jgichuki at inbox d0t com
{FORUM}http://lists.my.co.ke/pipermail/security/
http://chuksjonia.blogspot.com/
participants (4)
- Andrew Wafula
- Gichuki John Chuksjonia
- James Muendo
- Peter Karunyu